Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Oracle Linux 7 ELSA-2023-7743 Low Severity Curl Package Update

oracle
Calendar Grey December 14, 2023
Oracle Linux Logo Esm H88
Updated curl packages in Oracle Linux address minor security concerns and fixes for efficiency and stability.
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Summary

[7.29.0-59.0.3.el7_9.2] - load CA certificates even with --insecure [Orabug: 32836997] - Fix TFTP small blocksize heap buffer overflow (: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.se/docs/CV...

Read the Full Advisory

SRPMs

https://oss.oracle.com:443/ol7/SRPMS-updates//curl-7.29.0-59.0.3.el7_9.2.src.rpm

x86_64

curl-7.29.0-59.0.3.el7_9.2.x86_64.rpm libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm libcurl-7.29.0-59.0.3.el7_9.2.x86_64.rpm libcurl-devel-7.29.0-59.0.3.el7_9.2.i686.rpm libcurl-devel-7.29.0-59.0.3.el7_9.2.x86_64.rpm

aarch64

Severity
low
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2022-43552

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.