|
|
Log in / Subscribe / Register

Oracle alert ELSA-2017-2016 (curl)



From:
    	      Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> 


To:
    	      el-errata@oss.oracle.com 


Subject:
    	      [El-errata] ELSA-2017-2016 Moderate: Oracle Linux 7 curl security, bug fix, and enhancement update 


Date:
    	      Tue, 8 Aug 2017 13:51:09 -0700


Message-ID:
    	      <c2a3724f-1565-c391-9761-86e73df1a3bb@oracle.com>


Oracle Linux Security Advisory ELSA-2017-2016

http://linux.oracle.com/errata/ELSA-2017-2016.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
curl-7.29.0-42.el7.x86_64.rpm
libcurl-7.29.0-42.el7.i686.rpm
libcurl-7.29.0-42.el7.x86_64.rpm
libcurl-devel-7.29.0-42.el7.i686.rpm
libcurl-devel-7.29.0-42.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-42.el...



Description of changes:

[7.29.0-42]
- fix use of uninitialized variable detected by Covscan

[7.29.0-41]
- make FTPS work with --proxytunnel (#1420327)

[7.29.0-40]
- make FTPS work with --proxytunnel (#1420327)

[7.29.0-39]
- work around race condition in PK11_FindSlotByName() in NSS (#1404815)

[7.29.0-38]
- make FTPS work with --proxytunnel (#1420327)

[7.29.0-37]
- fix tight loop in non-blocking TLS handhsake over proxy (#1388162)
- handle cookies with numerical IPv6 address (#1341503)
- make libcurl recognize chacha20-poly1305 and SHA384 cipher-suites 
(#1374740)
- curl -E: allow to escape ':' in cert nickname (#1376062)
- run automake in %prep to avoid patching Makefile.in files from now on

[7.29.0-36]
- reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds