Oracle Linux Security Advisory ELSA-2024-1601

https://linux.oracle.com/errata/ELSA-2024-1601.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-7.61.1-33.el8_9.5.i686.rpm
libcurl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-devel-7.61.1-33.el8_9.5.i686.rpm
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm

aarch64:
curl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//curl-7.61.1-33.el8_9.5.src.rpm

Related CVEs:

CVE-2023-28322
CVE-2023-38546
CVE-2023-46218




Description of changes:

[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata