Oracle alert ELSA-2018-3157 (curl and nss-pem)
From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
To: | el-errata@oss.oracle.com | |
Subject: | [El-errata] ELSA-2018-3157 Moderate: Oracle Linux 7 curl and nss-pem security and bug fix update | |
Date: | Tue, 6 Nov 2018 15:06:05 -0800 | |
Message-ID: | <c0ce2366-e6cb-6f2f-9cca-973e08151f10@oracle.com> |
Oracle Linux Security Advisory ELSA-2018-3157 http://linux.oracle.com/errata/ELSA-2018-3157.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: curl-7.29.0-51.el7.x86_64.rpm libcurl-7.29.0-51.el7.i686.rpm libcurl-7.29.0-51.el7.x86_64.rpm libcurl-devel-7.29.0-51.el7.i686.rpm libcurl-devel-7.29.0-51.el7.x86_64.rpm nss-pem-1.0.3-5.el7.i686.rpm nss-pem-1.0.3-5.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/curl-7.29.0-51.el... http://oss.oracle.com/ol7/SRPMS-updates/nss-pem-1.0.3-5.e... Description of changes: curl [7.29.0-51] - require a new enough version of nss-pem to avoid regression in yum (#1610998) [7.29.0-50] - remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang [7.29.0-49] - make curl --speed-limit work with TFTP (#1584750) [7.29.0-48] - fix RTSP bad headers buffer over-read (CVE-2018-1000301) - fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - fix LDAP NULL pointer dereference (CVE-2018-1000121) - fix RTSP RTP buffer over-read (CVE-2018-1000122) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007) - doc: --tlsauthtype works only if built with TLS-SRP support (#1542256) - update certificates in the test-suite because they expire soon (#1572723) [7.29.0-47] - make NSS deallocate PKCS #11 objects early enough (#1510247) nss-pem [1.0.3-5] - update object ID while reusing a certificate (#1610998) _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata