ELSA-2023-7743 -- Oracle curl_libcurl
ID: oval:org.secpod.oval:def:1507194 | Date: (C)2023-12-27 (M)2024-04-03 | Class: PATCH | Family: unix
[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow [CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers
- CVE-2016-8616 case insensitive password comparison
- CVE-2016-8617 OOB write via unchecked multiplication
- CVE-2016-8618 double-free in curl_maprintf
- CVE-2016-8619 double-free in krb5 code
- CVE-2016-8621 curl_getdate read out of bounds
- CVE-2016-8622 URL unescape heap overflow via integer truncation
- CVE-2016-8623 Use-after-free via shared cookies
- CVE-2016-8624 invalid URL parsing with #
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.2]
- fix HTTP proxy deny use after free
- rebuild certs with 2048-bit RSA keys