[Oraclevm-errata] OVMSA-2020-0035 Important: Oracle VM 3.4 curl security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue Sep 1 08:11:58 PDT 2020
Oracle VM Security Advisory OVMSA-2020-0035
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
curl-7.19.7-54.0.2.el6_10.x86_64.rpm
libcurl-7.19.7-54.0.2.el6_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/curl-7.19.7-54.0.2.el6_10.src.rpm
Description of changes:
[7.19.7-54.0.2]
- Fix TFTP small blocksize heap buffer overflow
(https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug:30568724]
[7.19.7-54.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
(https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison
(https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication
(https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf
(https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code
(https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds
(https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8623 Use-after-free via shared cookies
(https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with #
(https://curl.haxx.se/docs/CVE-2016-8624.html)
- use PK11_CreateManagedGenericObject in libcurl to prevent memory leak
[orabug 28666473]
[7.19.7-54]
- fix auth failure with duplicated WWW-Authenticate header (#1757643)