Red Hat Customer Portal

Skip to main content

Main Navigation

  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
Red Hat Customer Portal
  • Products & Services
    • Back
    • View All Products
    • Infrastructure and Management
      • Back
      • Red Hat Enterprise Linux
      • Red Hat Virtualization
      • Red Hat Identity Management
      • Red Hat Directory Server
      • Red Hat Certificate System
      • Red Hat Satellite
      • Red Hat Subscription Management
      • Red Hat Update Infrastructure
      • Red Hat Insights
      • Red Hat Ansible Automation Platform
    • Cloud Computing
      • Back
      • Red Hat CloudForms
      • Red Hat OpenStack Platform
      • Red Hat OpenShift Container Platform
      • Red Hat OpenShift Online
      • Red Hat OpenShift Dedicated
      • Red Hat Advanced Cluster Management for Kubernetes
      • Red Hat Quay
      • Red Hat CodeReady Workspaces
    • Storage
      • Back
      • Red Hat Gluster Storage
      • Red Hat Hyperconverged Infrastructure
      • Red Hat Ceph Storage
      • Red Hat Openshift Container Storage
    • Runtimes
      • Back
      • Red Hat Runtimes
      • Red Hat JBoss Enterprise Application Platform
      • Red Hat Data Grid
      • Red Hat JBoss Web Server
      • Red Hat Single Sign On
      • Red Hat support for Spring Boot
      • Red Hat build of Node.js
      • Red Hat build of Thorntail
      • Red Hat build of Eclipse Vert.x
      • Red Hat build of OpenJDK
      • Red Hat build of Quarkus
      • Red Hat CodeReady Studio
    • Integration and Automation
      • Back
      • Red Hat Integration
      • Red Hat Fuse
      • Red Hat AMQ
      • Red Hat 3scale API Management
      • Red Hat JBoss Data Virtualization
      • Red Hat Process Automation
      • Red Hat Process Automation Manager
      • Red Hat Decision Manager
    • Support
    • Production Support
    • Development Support
    • Product Life Cycles
    • Documentation
    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    • Services
    • Consulting
    • Technical Account Management
    • Training & Certifications
    • Ecosystem Catalog
    • Partner Resources
    • Red Hat in the Public Cloud
  • Tools
    • Back
    • Red Hat Insights
    • Tools
    • Solution Engine
    • Packages
    • Errata
    • Customer Portal Labs
    • Explore Labs
    • Configuration
    • Deployment
    • Security
    • Troubleshooting
  • Security
    • Back
    • Product Security Center
    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Security Labs
    • Resources
    • Overview
    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community
    • Back
    • Customer Portal Community
    • Discussions
    • Blogs
    • Private Groups
    • Community Activity
    • Customer Events
    • Red Hat Convergence
    • Red Hat Summit
    • Stories
    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Account
    • Back
    • Log In
    • Register
    • Red Hat Account Number:
    • Account Details
    • User Management
    • Account Maintenance
    • My Profile
    • Notifications
    • Help
    • Log Out
  • Language
    • Back
    • English
    • 한국어
    • 日本語
    • 中文 (中国)
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Search
  • Log In
  • Language
Or troubleshoot an issue.

Log in to Your Red Hat Account

Log In

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

Register

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

If you have any questions, please contact customer service.

Red Hat Account Number:

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance
  • Account Team

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Log Out

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)
Red Hat Customer Portal Red Hat Customer Portal
  • Products & Services
  • Tools
  • Security
  • Community
  • Infrastructure and Management

  • Cloud Computing

  • Storage

  • Runtimes

  • Integration and Automation

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS
  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat Openshift Container Storage
  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio
  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
View All Products
  • Support
  • Production Support
  • Development Support
  • Product Life Cycles

Services

  • Consulting
  • Technical Account Management
  • Training & Certifications
  • Documentation
  • Red Hat Enterprise Linux
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Ecosystem Catalog
  • Red Hat in the Public Cloud
  • Partner Resources

Tools

  • Solution Engine
  • Packages
  • Errata
  • Customer Portal Labs
  • Configuration
  • Deployment
  • Security
  • Troubleshooting

Red Hat Insights

Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

  • Learn more
  • Go to Insights

Red Hat Product Security Center

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

Security Updates

  • Security Advisories
  • Red Hat CVE Database
  • Security Labs

Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

  • View Responses

Resources

  • Overview
  • Security Blog
  • Security Measurement
  • Severity Ratings
  • Backporting Policies
  • Product Signing (GPG) Keys

Customer Portal Community

  • Discussions
  • Blogs
  • Private Groups
  • Community Activity

Customer Events

  • Red Hat Convergence
  • Red Hat Summit

Stories

  • Red Hat Subscription Value
  • You Asked. We Acted.
  • Open Source Communities
Red Hat Product Errata RHSA-2019:3701 - Security Advisory
Issued:
2019-11-05
Updated:
2019-11-05

RHSA-2019:3701 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: curl security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
  • wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
  • curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
  • curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c
  • BZ - 1669156 - connection re-use does not work for SCP and SFTP
  • BZ - 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read
  • BZ - 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow
  • BZ - 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read

CVEs

  • CVE-2018-16890
  • CVE-2018-20483
  • CVE-2019-3822
  • CVE-2019-3823

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
  • Note: More recent versions of these packages may be available. Click a package name for more details.

    Red Hat Enterprise Linux for x86_64 8

    SRPM
    curl-7.61.1-11.el8.src.rpm SHA-256: e736527900a8da770f5a2c4174fbbdbb4b2d09592c20aa29e93f3aae8f9ffb91
    x86_64
    curl-7.61.1-11.el8.x86_64.rpm SHA-256: 85b697bf958cd13b98ebcb8806fd8bdecf4bd997fe9a15be099ff3598dc3ba90
    curl-debuginfo-7.61.1-11.el8.i686.rpm SHA-256: d5bcc4bf888cc2b7dc9ef4d22e6e281811f80ef5ed65c2c56bd17d2563e02bf5
    curl-debuginfo-7.61.1-11.el8.x86_64.rpm SHA-256: ab8e59eaa22ecf8a1cfdee7e3f8d8086ceb621523db30666329d8b9f915264dd
    curl-debugsource-7.61.1-11.el8.i686.rpm SHA-256: 521080f5cddad675d17c60b45f34f8f218de86446ef4e0ed531694c199aad7ba
    curl-debugsource-7.61.1-11.el8.x86_64.rpm SHA-256: 1f513d871d9d83b55b31fbae86d1f358d06801f02f31f118c98b82fb51d1d74b
    curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm SHA-256: cbfd437b29a6cfb55c4781e9d1ee5c9b49e4db0a9e49782472700d679713ff18
    curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm SHA-256: 36f47056cbcc4a88da56e5195e1a121af730af54ac1b6954ea32e8b1bd3b90ab
    libcurl-7.61.1-11.el8.i686.rpm SHA-256: 62781f398d173f6b559577dd10d99962774ba4249482b2dccf78ac9a2617eecc
    libcurl-7.61.1-11.el8.x86_64.rpm SHA-256: ead2e7ca1bc4c0fe293da0602dbece3ac0542b9b3692a8670e5d3913b81dd70c
    libcurl-debuginfo-7.61.1-11.el8.i686.rpm SHA-256: 3a4f3f2c64dab7560f0ff7573ddbcf7ca5d94430aaec9a7a6377a30c764098e2
    libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm SHA-256: 10bcda98d5d2eaf4cf38121f89be643e1a0b80b8b7764edd44c7527f1842bb01
    libcurl-devel-7.61.1-11.el8.i686.rpm SHA-256: 2fcfb18fd8e449df48dd6c909f01e9b71638adb7c2f06aaccdfdfd824cab5342
    libcurl-devel-7.61.1-11.el8.x86_64.rpm SHA-256: 5fd74253d6b7913c31cefb3755b14880c8be2f0e4a2d2a7b0a08454cb8de87e1
    libcurl-minimal-7.61.1-11.el8.i686.rpm SHA-256: 49f7a2602548625b24d588d13f03a62353a12529b5a229bfb07852075cb37d39
    libcurl-minimal-7.61.1-11.el8.x86_64.rpm SHA-256: 4a43f5007636cd584edb47214aefd83d9e575c8bf0032b8a2907a8f3a96bf1e4
    libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm SHA-256: ffd1d222f46c8a40642f889909926795f9728626e019e32d9d58b1db7df31ebc
    libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm SHA-256: adcd47819898571bf882f6238df13f432d406720fd180d563cd246a07f90ec0c

    Red Hat Enterprise Linux for IBM z Systems 8

    SRPM
    curl-7.61.1-11.el8.src.rpm SHA-256: e736527900a8da770f5a2c4174fbbdbb4b2d09592c20aa29e93f3aae8f9ffb91
    s390x
    curl-7.61.1-11.el8.s390x.rpm SHA-256: 5b4360f4c672902434ac73d7e24e68bdc2198e6ed4021f6792b9b8eaba7e5818
    curl-debuginfo-7.61.1-11.el8.s390x.rpm SHA-256: 52ca652e70674a62595a8bcb89f923243c5d0cb3a622dff8a86691cdce7b0d02
    curl-debugsource-7.61.1-11.el8.s390x.rpm SHA-256: bf33a40bde0268ab4620cb5d1df3ebd6449f810b570bfb0fe2f28d99c4744ed6
    curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm SHA-256: f76270d0da95b72171bca0778272abc00ab172a6a46985b181e2bc2c16480346
    libcurl-7.61.1-11.el8.s390x.rpm SHA-256: 89d4d024de38d9a54a929c7e0f941e82b7fe2c472be1ae0f72fb209d988a1fd5
    libcurl-debuginfo-7.61.1-11.el8.s390x.rpm SHA-256: 0a7c9a0bda441b22243dc05cf34fbb29a9099d29876f915bc80e9a028d2266d0
    libcurl-devel-7.61.1-11.el8.s390x.rpm SHA-256: d84701cf18b347d6a6e9ddaf33deef7a945d11abd1237126cd4249ae3053ea05
    libcurl-minimal-7.61.1-11.el8.s390x.rpm SHA-256: baa560ccd861500b85c4ee97c454413d3866b7b52164803cbb8a0788fabfe6f4
    libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm SHA-256: 10644e99f1497d013c24d1137a8d698da4ea8a055c3e9531584d299ee9f6fb37

    Red Hat Enterprise Linux for Power, little endian 8

    SRPM
    curl-7.61.1-11.el8.src.rpm SHA-256: e736527900a8da770f5a2c4174fbbdbb4b2d09592c20aa29e93f3aae8f9ffb91
    ppc64le
    curl-7.61.1-11.el8.ppc64le.rpm SHA-256: 3cfc7efa179eedf33bf4e79e16a5289207ab71c479db314a4c70867c0e4843d6
    curl-debuginfo-7.61.1-11.el8.ppc64le.rpm SHA-256: 4edb6a3a3231a60c7a5cdf208600cd8afa51100605338e748b1e598b27ffb25b
    curl-debugsource-7.61.1-11.el8.ppc64le.rpm SHA-256: 94b64e7796f323ce19c268fc0f558eac707e0ec486d4a3420bc41a37e0b4c02a
    curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm SHA-256: f13b8822a424c475014c13e7af4df003d8442eba6e54f94bda745a56a2e06ecd
    libcurl-7.61.1-11.el8.ppc64le.rpm SHA-256: 3f0e767b6df54250946254f05268cff811d4427b9d0612752764779fd8b5036f
    libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm SHA-256: b7ccb974a94d4777b98d2431f08ccfd8ce7ed2b1df2ec365e1d6de22ebb3b1c2
    libcurl-devel-7.61.1-11.el8.ppc64le.rpm SHA-256: 7ee0180115bd9f7660ebe15fab07cb6ca40f2726a9824fba81fbcbe020b23ed3
    libcurl-minimal-7.61.1-11.el8.ppc64le.rpm SHA-256: 47b1697f5ebb9bb3296f6e8ab6b5dedafcd128cc97890779a0ef079bbc2e3122
    libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm SHA-256: 72248cdd551dcc05c4d0d11f6df9583aef5de499dab27867e442f916835e0237

    Red Hat Enterprise Linux for ARM 64 8

    SRPM
    curl-7.61.1-11.el8.src.rpm SHA-256: e736527900a8da770f5a2c4174fbbdbb4b2d09592c20aa29e93f3aae8f9ffb91
    aarch64
    curl-7.61.1-11.el8.aarch64.rpm SHA-256: b85f9a32f8b411b85835c77e156681c71bc85a0ab0240fe968132ee6608e77d7
    curl-debuginfo-7.61.1-11.el8.aarch64.rpm SHA-256: 57afbe4d61bfabf241ee7ec92660681c041f1c56112abddce857569309f630ae
    curl-debugsource-7.61.1-11.el8.aarch64.rpm SHA-256: e43aae0018077fd4faaf8127b683aad5b3748dc9856fa3416aff9955072c7601
    curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm SHA-256: 79869072637a1a9f927f9c81375693667c91eba686be8c9a27dd690c104f77f8
    libcurl-7.61.1-11.el8.aarch64.rpm SHA-256: 824dcd55e071d0f80aee1c10b2e4617189985574d4e8b8e12956a59b04b1085c
    libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm SHA-256: a6fa0344ce4cd325866b7e5ee419659ed7737a952a624197587850c49f6e8540
    libcurl-devel-7.61.1-11.el8.aarch64.rpm SHA-256: 9b0a4f25aa6b1035f416cfe08e7bb0ae235bf48f9f16acffe73367c11b1f2a30
    libcurl-minimal-7.61.1-11.el8.aarch64.rpm SHA-256: 7f04ba6e9c036e8d4d6a1237cd56d41da00f7d14def5c5b3001792bfeea820c5
    libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm SHA-256: 4f82a5205b3fddab0a604df64d374be687ea49cf89acda4660f13b48ccf4f35b

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

    Red Hat

    Quick Links

    • Downloads
    • Subscriptions
    • Support Cases
    • Customer Service
    • Product Documentation

    Help

    • Contact Us
    • Customer Portal FAQ
    • Log-in Assistance

    Site Info

    • Trust Red Hat
    • Browser Support Policy
    • Accessibility
    • Awards and Recognition
    • Colophon

    Related Sites

    • redhat.com
    • openshift.com
    • developers.redhat.com
    • connect.redhat.com

    About

    • Red Hat Subscription Value
    • About Red Hat
    • Red Hat Jobs
    Copyright © 2021 Red Hat, Inc.
    • Privacy Statement
    • Customer Portal Terms of Use
    • All Policies and Guidelines
    Red Hat Summit
    Twitter Facebook