Lucene search
OracleLinuxELSA-2016-2575HistoryNov 09, 2016 - 12:00 a.m.
curl security, bug fix, and enhancement update
2016-11-0900:00:00
linux.oracle.com
27
0.005 Low
EPSS
Percentile
76.4%
[7.29.0-35]
- fix incorrect use of a previously loaded certificate from file
(related to CVE-2016-5420)
[7.29.0-34] - acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
(required by the fix for CVE-2016-5419)
[7.29.0-33] - fix re-using connections with wrong client cert (CVE-2016-5420)
- fix TLS session resumption client cert bypass (CVE-2016-5419)
[7.29.0-32] - configure: improve detection of GCCβs -fvisibility= flag
[7.29.0-31] - prevent curl_multi_wait() from missing an event (#1347904)
[7.29.0-30] - curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts (#1305974)
[7.29.0-29] - SSH: make CURLOPT_SSH_PUBLIC_KEYFILE treat ββ as NULL (#1275769)
[7.29.0-28] - prevent NSS from incorrectly re-using a session (#1269855)
- call PR_Cleanup() in the upstream test-suite if NSPR is used (#1243324)
- disable unreliable upstream test-case 2032 (#1241168)
[7.29.0-27] - SSH: do not require public key file for user authentication (#1275769)
[7.29.0-26] - implement βcurl --unix-socketβ and CURLOPT_UNIX_SOCKET_PATH (#1263318)
- improve parsing of URL-encoded user name and password (#1260178)
- prevent test46 from failing due to expired cookie (#1258834)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | curl | <Β 7.29.0-35.el7 | curl-7.29.0-35.el7.src.rpm |
| oracle linux | 7 | x86_64 | curl | <Β 7.29.0-35.el7 | curl-7.29.0-35.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl | <Β 7.29.0-35.el7 | libcurl-7.29.0-35.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl | <Β 7.29.0-35.el7 | libcurl-7.29.0-35.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl-devel | <Β 7.29.0-35.el7 | libcurl-devel-7.29.0-35.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl-devel | <Β 7.29.0-35.el7 | libcurl-devel-7.29.0-35.el7.x86_64.rpm |
Related
openvas
openvas
RedHat Update for curl RHSA-2016:2575-02
2016-11-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2449-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2016-1074)
2020-01-23 00:00:00
redhat
redhat
centos
centos
curl, libcurl security update
2016-11-25 15:56:44
nessus
nessus
Scientific Linux Security Update : curl on SL7.x x86_64 (20161103)
2016-12-15 00:00:00
SUSE SLES11 Security Update : curl (SUSE-SU-2016:2449-1)
2016-10-05 00:00:00
EulerOS 2.0 SP1 : curl (EulerOS-SA-2016-1074)
2017-05-01 00:00:00
ibm
ibm
cve
cve
prion
prion
Authentication flaw
2016-10-03 21:59:00
Authentication flaw
2016-08-10 14:59:00
Session fixation
2016-08-10 14:59:00
debiancve
debiancve
cvelist
cvelist
alpinelinux
alpinelinux
nvd
nvd
ubuntucve
ubuntucve
osv
osv
curl - security update
2016-08-04 00:00:00
curl - security update
2016-08-03 00:00:00
CVE-2016-5420
2016-08-10 14:59:00
debian
debian
[SECURITY] [DLA 586-1] curl security update
2016-08-04 17:47:12
[SECURITY] [DSA 3638-1] curl security update
2016-08-03 12:53:27
[SECURITY] [DLA 616-1] curl security update
2016-09-09 11:48:43
amazon
amazon
Low: curl
2016-09-27 10:30:00
Medium: curl
2016-08-17 13:30:00
kaspersky
kaspersky
KLA10859 Security bypass vulnerabilities in cURL
2016-08-03 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: curl-7.43.0-8.fc23
2016-08-16 22:24:26
[SECURITY] Fedora 24 Update: curl-7.47.1-6.fc24
2016-08-05 20:56:11
archlinux
archlinux
curl: multiple issues
2016-08-08 00:00:00
[ASA-201704-12] curl: certificate verification bypass
2017-04-29 00:00:00
cloudfoundry
cloudfoundry
USN-3048-1 curl vulnerability | Cloud Foundry
2016-08-25 00:00:00
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
slackware
slackware
[slackware-security] curl
2016-08-06 21:10:00
freebsd
freebsd
Vulnerabilities in Curl
2016-08-03 00:00:00
cURL -- TLS session resumption client cert bypass (again)
2017-04-19 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-08-08 00:00:00
curl vulnerabilities
2016-11-03 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2016-08-31 18:32:33
redhatcve
redhatcve
veracode
veracode
Session Hijacking
2019-05-02 05:51:10
TLS Session Resumption Client Certificate Bypass
2019-01-15 09:14:08
TLS Session Resumption Client Certificate Bypass
2018-07-20 08:31:52
broadcom
broadcom
BSA-2017-216
2017-03-31 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.54.0-alt1
2017-04-19 00:00:00
suse
suse
Security update for curl (important)
2016-11-02 16:09:54
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
apple
apple
androidsecurity
androidsecurity
Android Security BulletinβDecember 2016
2016-12-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00