[Oraclevm-errata] OVMSA-2020-0035 Important: Oracle VM 3.4 curl security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Sep 1 08:11:58 PDT 2020

Oracle VM Security Advisory OVMSA-2020-0035

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Fix TFTP small blocksize heap buffer overflow 

- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers 
- CVE-2016-8616 case insensitive password comparison 
- CVE-2016-8617 OOB write via unchecked multiplication 
- CVE-2016-8618 double-free in curl_maprintf 
- CVE-2016-8619 double-free in krb5 code 
- CVE-2016-8621 curl_getdate read out of bounds 
- CVE-2016-8623 Use-after-free via shared cookies 
- CVE-2016-8624 invalid URL parsing with # 
- use PK11_CreateManagedGenericObject in libcurl to prevent memory leak 
[orabug 28666473]

- fix auth failure with duplicated WWW-Authenticate header (#1757643)
