Red Hat Product Errata RHSA-2017:0847 - Security Advisory

Issued:: 2017-03-29
Updated:: 2017-03-29

RHSA-2017:0847 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)

This issue was discovered by Paulo Andrade (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

BZ - 1422464 - CVE-2017-2628 curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)

CVEs

CVE-2017-2628

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
x86_64
curl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: eb8f6bf295264203e143cc7d13d5986cda3527a59d15821947f0fd72935bcf99
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: c1dd39936707ddb865074db78adf97271c35464bdeb14b722f6774b747da5754
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164
libcurl-devel-7.19.7-53.el6_9.x86_64.rpm	SHA-256: d9879351fd5fd62d439e7d094fdba6458b47a46198da5a4eb0aec44f92cc80da
i386
curl-7.19.7-53.el6_9.i686.rpm	SHA-256: f54205a742a9e2122d3478722fa7385f62f8c6dd5b14095a2ba5b39842e84c00
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164

Red Hat Enterprise Linux Workstation 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
x86_64
curl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: eb8f6bf295264203e143cc7d13d5986cda3527a59d15821947f0fd72935bcf99
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: c1dd39936707ddb865074db78adf97271c35464bdeb14b722f6774b747da5754
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164
libcurl-devel-7.19.7-53.el6_9.x86_64.rpm	SHA-256: d9879351fd5fd62d439e7d094fdba6458b47a46198da5a4eb0aec44f92cc80da
i386
curl-7.19.7-53.el6_9.i686.rpm	SHA-256: f54205a742a9e2122d3478722fa7385f62f8c6dd5b14095a2ba5b39842e84c00
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164

Red Hat Enterprise Linux Desktop 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
x86_64
curl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: eb8f6bf295264203e143cc7d13d5986cda3527a59d15821947f0fd72935bcf99
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: c1dd39936707ddb865074db78adf97271c35464bdeb14b722f6774b747da5754
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164
libcurl-devel-7.19.7-53.el6_9.x86_64.rpm	SHA-256: d9879351fd5fd62d439e7d094fdba6458b47a46198da5a4eb0aec44f92cc80da
i386
curl-7.19.7-53.el6_9.i686.rpm	SHA-256: f54205a742a9e2122d3478722fa7385f62f8c6dd5b14095a2ba5b39842e84c00
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
s390x
curl-7.19.7-53.el6_9.s390x.rpm	SHA-256: 493ac86bec4b1b05b43932b6036f985a9a39b1d8632c90a0a3a5dc29577da179
curl-debuginfo-7.19.7-53.el6_9.s390.rpm	SHA-256: fd8e58cd3b2199f10cbeda0f46c2c05c30ceaefd609ef8e02baf675409d71f8c
curl-debuginfo-7.19.7-53.el6_9.s390x.rpm	SHA-256: 4cc1edaefb3006b8516cb6f9941ca66acbf40588f7842845246a158a9dd9f88d
libcurl-7.19.7-53.el6_9.s390.rpm	SHA-256: da441d7c7ed99413c007fda50ea41797b676e5733989b7c3ac560cf7b7ee7691
libcurl-7.19.7-53.el6_9.s390x.rpm	SHA-256: 17dbb359fc7526b5176555c4fa2d562204e0d5336bf7544c3a059e376c125fb8
libcurl-devel-7.19.7-53.el6_9.s390.rpm	SHA-256: c13b0f9634a1f12af9ac90ddbbebde34dfbe13c11c5e7c6e7757e9f8b09984f8
libcurl-devel-7.19.7-53.el6_9.s390x.rpm	SHA-256: 0f5e26211b500ebfbb92cb34c9c65536af832a116c80210e6404be31100a3742

Red Hat Enterprise Linux for Power, big endian 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
ppc64
curl-7.19.7-53.el6_9.ppc64.rpm	SHA-256: 12d20073a50dbba26f52e2a98654043a96ed455486619a97c2abe691ce419f48
curl-debuginfo-7.19.7-53.el6_9.ppc.rpm	SHA-256: 374477002c1a53314a6a1a340b2df78332ca23af0cd4aa8ad41da5a61d5e331d
curl-debuginfo-7.19.7-53.el6_9.ppc64.rpm	SHA-256: fec040e051a863526d6f921ea6073e299b2018cdffde92cdb2d20117ebf194df
libcurl-7.19.7-53.el6_9.ppc.rpm	SHA-256: 26fa4a9b7ce1944cc94291944fcbd5e5723d7bbef3d315057ac8063a006f341f
libcurl-7.19.7-53.el6_9.ppc64.rpm	SHA-256: 22dd95d7f0c84ad015e6d5f1f1650dcc042703ff3872fb87fe1da9afdf2aa4a0
libcurl-devel-7.19.7-53.el6_9.ppc.rpm	SHA-256: 232726101edd67d7512b126d2eacaed2a2f10a768aa02ca3d6108635efcb4b19
libcurl-devel-7.19.7-53.el6_9.ppc64.rpm	SHA-256: 08c9942274f13d29581a413b8fed6ac4cce9658836561e4dfbdfe459b2b72176

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
curl-7.19.7-53.el6_9.src.rpm	SHA-256: 486e87605279ecf69e97a589f04d5cb857265241ec5f160719573ebe51f33ba2
x86_64
curl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: eb8f6bf295264203e143cc7d13d5986cda3527a59d15821947f0fd72935bcf99
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.i686.rpm	SHA-256: fb71780c68c69472aec9cd35389c1915dd3096e94ac11ba0e4aef531bebd03b7
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
curl-debuginfo-7.19.7-53.el6_9.x86_64.rpm	SHA-256: 6ce627ab036ee8383794ad090668016b09399c1d7255e1b102ceb35488f28667
libcurl-7.19.7-53.el6_9.i686.rpm	SHA-256: 54034d55b09893998b2c2329cd94bd0e909b68164cfc71d682b7e7b4bb4fc17d
libcurl-7.19.7-53.el6_9.x86_64.rpm	SHA-256: c1dd39936707ddb865074db78adf97271c35464bdeb14b722f6774b747da5754
libcurl-devel-7.19.7-53.el6_9.i686.rpm	SHA-256: 456e348a6387ce2f671fa9f1a51e55779d180177a075ab0ce901c5747ce99164
libcurl-devel-7.19.7-53.el6_9.x86_64.rpm	SHA-256: d9879351fd5fd62d439e7d094fdba6458b47a46198da5a4eb0aec44f92cc80da

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories