Oracle Linux 6263 Published by

A curl bug fix update (aarch64) has been released for Oracle Linux 7.



Oracle Linux Bug Fix Advisory ELBA-2020-0372

  http://linux.oracle.com/errata/ELBA-2020-0372.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

aarch64:
curl-7.29.0-54.0.3.el7_7.2.aarch64.rpm
libcurl-7.29.0-54.0.3.el7_7.2.aarch64.rpm
libcurl-devel-7.29.0-54.0.3.el7_7.2.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-54.0.3.el7_7.2.src.rpm


Description of changes:

[7.29.0-54.0.3.el7_7.2]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
(  https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison
(  https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication
(  https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf
(  https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code
(  https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds
(  https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation
(  https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies
(  https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with #
(  https://curl.haxx.se/docs/CVE-2016-8624.html)

[7.29.0-54.el7_7.2]
- allow curl to POST from a char device (#1769307)