Lucene search
OracleLinuxELSA-2017-2016HistoryAug 07, 2017 - 12:00 a.m.
curl security, bug fix, and enhancement update
2017-08-0700:00:00
linux.oracle.com
27
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
87.9%
[7.29.0-42]
- fix use of uninitialized variable detected by Covscan
[7.29.0-41] - make FTPS work with --proxytunnel (#1420327)
[7.29.0-40] - make FTPS work with --proxytunnel (#1420327)
[7.29.0-39] - work around race condition in PK11_FindSlotByName() in NSS (#1404815)
[7.29.0-38] - make FTPS work with --proxytunnel (#1420327)
[7.29.0-37] - fix tight loop in non-blocking TLS handhsake over proxy (#1388162)
- handle cookies with numerical IPv6 address (#1341503)
- make libcurl recognize chacha20-poly1305 and SHA384 cipher-suites (#1374740)
- curl -E: allow to escape ‘:’ in cert nickname (#1376062)
- run automake in %prep to avoid patching Makefile.in files from now on
[7.29.0-36] - reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.src.rpm |
| oracle linux | 7 | aarch64 | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl | < 7.29.0-42.el7 | libcurl-7.29.0-42.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.aarch64.rpm |
| oracle linux | 7 | src | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.src.rpm |
| oracle linux | 7 | x86_64 | curl | < 7.29.0-42.el7 | curl-7.29.0-42.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl | < 7.29.0-42.el7 | libcurl-7.29.0-42.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl | < 7.29.0-42.el7 | libcurl-7.29.0-42.el7.x86_64.rpm |
| oracle linux | 7 | i686 | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.i686.rpm |
| oracle linux | 7 | x86_64 | libcurl-devel | < 7.29.0-42.el7 | libcurl-devel-7.29.0-42.el7.x86_64.rpm |
Related
nessus
nessus
Scientific Linux Security Update : curl on SL7.x x86_64 (20170801)
2017-08-22 00:00:00
Fedora 24 : curl (2016-7a2ed52d41)
2016-09-16 00:00:00
alpinelinux
alpinelinux
CVE-2016-7167
2016-10-07 14:59:00
osv
osv
curl - security update
2016-09-17 00:00:00
curl - security update
2018-11-06 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by a vulnerability in Curl (CVE-2016-7167)
2018-06-16 22:02:07
Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167)
2018-06-16 22:05:00
Security Bulletin: A vulnerability in curl affects PowerKVM
2018-06-18 01:37:29
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:18:26
archlinux
archlinux
[ASA-201609-19] curl: denial of service
2016-09-20 00:00:00
[ASA-201609-18] lib32-curl: denial of service
2016-09-20 00:00:00
cve
cve
CVE-2016-7167
2016-10-07 14:59:00
freebsd
freebsd
cURL -- Escape and unescape integer overflows
2016-09-14 00:00:00
openvas
openvas
Fedora Update for curl FEDORA-2016-80f4f71eff
2016-10-05 00:00:00
Slackware: Security Advisory (SSA:2016-259-01)
2022-04-21 00:00:00
Debian: Security Advisory (DLA-625-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 625-1] curl security update
2016-09-17 18:28:27
[SECURITY] [DLA 1568-1] curl security update
2018-11-06 21:01:10
fedora
fedora
[SECURITY] Fedora 24 Update: curl-7.47.1-8.fc24
2016-09-15 22:53:43
[SECURITY] Fedora 23 Update: curl-7.43.0-10.fc23
2016-09-29 23:08:15
[SECURITY] Fedora 25 Update: curl-7.50.3-1.fc25
2016-09-17 22:35:35
ubuntucve
ubuntucve
CVE-2016-7167
2016-10-07 00:00:00
slackware
slackware
[slackware-security] curl
2016-09-16 00:31:23
redhat
redhat
(RHSA-2017:2016) Moderate: curl security, bug fix, and enhancement update
2017-08-01 05:57:16
(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-08-16 16:05:21
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
mageia
mageia
Updated curl packages fix security vulnerability
2016-09-21 23:38:22
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.50.3-alt1
2016-09-14 00:00:00
redhatcve
redhatcve
CVE-2016-7167
2016-09-14 08:48:34
debiancve
debiancve
CVE-2016-7167
2016-10-07 14:59:00
prion
prion
Integer overflow
2016-10-07 14:59:00
centos
centos
curl, libcurl security update
2017-08-24 01:36:34
amazon
amazon
Low: curl
2016-09-27 10:30:00
suse
suse
Security update for curl (important)
2016-11-02 16:07:53
Security update for curl (important)
2016-11-10 17:06:47
Security update for curl (important)
2016-11-03 15:08:42
cloudfoundry
cloudfoundry
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-11-03 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
apple
apple
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
87.9%
Related for ELSA-2017-2016