|
|
Subscribe / Log in / New account

Oracle alert ELSA-2015-2159 (curl)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2015-2159 Moderate: Oracle Linux 7 curl security, bug fix, and enhancement update 


Date:
    	      Mon, 23 Nov 2015 18:59:52 -0800


Message-ID:
    	      <5653D2A8.5040709@oracle.com>


Oracle Linux Security Advisory ELSA-2015-2159

http://linux.oracle.com/errata/ELSA-2015-2159.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
curl-7.29.0-25.0.1.el7.x86_64.rpm
libcurl-7.29.0-25.0.1.el7.i686.rpm
libcurl-7.29.0-25.0.1.el7.x86_64.rpm
libcurl-devel-7.29.0-25.0.1.el7.i686.rpm
libcurl-devel-7.29.0-25.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-25.0....



Description of changes:

[7.29.0-25.0.1]
- disable check to make build pass

[7.29.0-25]
- fix spurious failure of test 1500 on ppc64le (#1218272)

[7.29.0-24]
- use the default min/max TLS version provided by NSS (#1170339)
- improve handling of timeouts and blocking direction to speed up FTP 
(#1218272)

[7.29.0-23]
- require credentials to match for NTLM re-use (CVE-2015-3143)
- close Negotiate connections when done (CVE-2015-3148)

[7.29.0-22]
- reject CRLFs in URLs passed to proxy (CVE-2014-8150)

[7.29.0-21]
- use only full matches for hosts used as IP address in cookies 
(CVE-2014-3613)
- fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle 
(CVE-2014-3707)

[7.29.0-20]
- eliminate unnecessary delay when resolving host from /etc/hosts (#1130239)
- allow to enable/disable new AES cipher-suites (#1066065)
- call PR_Cleanup() on curl tool exit if NSPR is used (#1071254)
- implement non-blocking TLS handshake (#1091429)
- fix limited connection re-use for unencrypted HTTP (#1101092)
- disable libcurl-level downgrade to SSLv3 (#1154060)
- include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161182)
- ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1166264)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds