RHSA-2020:0544 - Security Advisory

Issued: 2020-02-18
Updated: 2020-02-18

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: HTTP authentication leak in redirects (CVE-2018-1000007)
  • curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
  • curl: RTSP RTP buffer over-read (CVE-2018-1000122)
  • curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)
  • curl: LDAP NULL pointer dereference (CVE-2018-1000121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64

Fixes

  • BZ - 1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects
  • BZ - 1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write
  • BZ - 1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference
  • BZ - 1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read
  • BZ - 1575536 - CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

CVEs

  • CVE-2018-1000007
  • CVE-2018-1000120
  • CVE-2018-1000121
  • CVE-2018-1000122
  • CVE-2018-1000301

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5

SRPM
curl-7.29.0-46.el7_5.1.src.rpm SHA-256: a01fe410c8788e0497c154598b6eaa8c1ada1ae0c53a792c01b4c51af8da6be6
x86_64
curl-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: 82d578403a421be8fa7488dd95b27c2a5dfbfbe3148a24f997150d4c61fd7e5f
curl-debuginfo-7.29.0-46.el7_5.1.i686.rpm SHA-256: a38f87a606eded4084585922e3e148ad40567fc6f25262c53c83b4ec318b16c5
curl-debuginfo-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: edae66bcad4e27cff263c0b3bed58e2be9bb3dcbffed80c569e63f2a7e2be624
libcurl-7.29.0-46.el7_5.1.i686.rpm SHA-256: 2ef88c32c0b7186ac279e5ce7e7ea043d7dbe18f5bb0f4d85185e4f25036c958
libcurl-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: 32a72f3e6c6b7919f0243143eb7a63054c891a9a656a55d2b6ec30b675f8fcc3
libcurl-devel-7.29.0-46.el7_5.1.i686.rpm SHA-256: 583c81d41c7bc30fa82bd289c3892d8b5867ed374908bbd4bc55a97ad7b641b6
libcurl-devel-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: ad8d4a022581d741b1c27655fb529f7f97215d9bdb14c0f8284db179e121f287

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
curl-7.29.0-46.el7_5.1.src.rpm SHA-256: a01fe410c8788e0497c154598b6eaa8c1ada1ae0c53a792c01b4c51af8da6be6
s390x
curl-7.29.0-46.el7_5.1.s390x.rpm SHA-256: b8c6c4cccc38ea8e7daf00f785308329f8c217875c815bb2155aa2b6dd583862
curl-debuginfo-7.29.0-46.el7_5.1.s390.rpm SHA-256: 183572d193fc3bb642c86def2cdd5cbaceb24ed44aa4162c66436c03aa3a6317
curl-debuginfo-7.29.0-46.el7_5.1.s390x.rpm SHA-256: d965163256557fd1d32b9f284e0c5e6096f56b842f9d0d7d8cd6e9cb9a733f2b
libcurl-7.29.0-46.el7_5.1.s390.rpm SHA-256: 911ea2c53c734866763ccaf712a32c7c29e8dba3ea3cbeb584a57659b18e0c6d
libcurl-7.29.0-46.el7_5.1.s390x.rpm SHA-256: 0c7cfc1ca791011b46d2c077de67a9a0202901d1791b7d955a3f734bd7ed2581
libcurl-devel-7.29.0-46.el7_5.1.s390.rpm SHA-256: b21917715ef00fdc5ca15be2a06de321da9cc806e37ec0a0280ff11482498b16
libcurl-devel-7.29.0-46.el7_5.1.s390x.rpm SHA-256: 839fdf31d66296e0d81825388508b08ad796343481d51584f4bc4b13fcd64036

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
curl-7.29.0-46.el7_5.1.src.rpm SHA-256: a01fe410c8788e0497c154598b6eaa8c1ada1ae0c53a792c01b4c51af8da6be6
ppc64
curl-7.29.0-46.el7_5.1.ppc64.rpm SHA-256: ee7b55b74ccf863fef79d11b8215082a04f45ca82028e1fbabf1724099f0cb37
curl-debuginfo-7.29.0-46.el7_5.1.ppc.rpm SHA-256: 227c10c027f5103473e04ae2aa8b58dc0625e00a88e85d1c443021dc6ce04b47
curl-debuginfo-7.29.0-46.el7_5.1.ppc64.rpm SHA-256: d7233d86ad81a6694273ad18e01fd98f470f51795571a2a156cbc5a67038e138
libcurl-7.29.0-46.el7_5.1.ppc.rpm SHA-256: c5ad8315b742e18dfce8773a92e1a46969947badab41a70d2d14bc9960048e2d
libcurl-7.29.0-46.el7_5.1.ppc64.rpm SHA-256: abaea881c0915643cd10473ea7001c4de1b282bda49f058bf83ad89be8200b6a
libcurl-devel-7.29.0-46.el7_5.1.ppc.rpm SHA-256: d4e8445f078a5a1c3c6332b1b3e21ec321d7bec0b51895c15ae0fe0e7bfbc9ad
libcurl-devel-7.29.0-46.el7_5.1.ppc64.rpm SHA-256: 5bfc495822ee2de0a9653324c1025f43d114458697dbfb4bfe9d3a9eec02ee61

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
curl-7.29.0-46.el7_5.1.src.rpm SHA-256: a01fe410c8788e0497c154598b6eaa8c1ada1ae0c53a792c01b4c51af8da6be6
ppc64le
curl-7.29.0-46.el7_5.1.ppc64le.rpm SHA-256: 85070e027e7f6454b28f18eb756ad4011ee4f36bf2af8601982650c4dbc868de
curl-debuginfo-7.29.0-46.el7_5.1.ppc64le.rpm SHA-256: 272abe98667f888ed1f4336270c89ae19a4902e144d6683e2e069f0642a995b7
libcurl-7.29.0-46.el7_5.1.ppc64le.rpm SHA-256: 019fb1978529ffa948f04bda45281d916d76cc30768487b56a2c10da1739343e
libcurl-devel-7.29.0-46.el7_5.1.ppc64le.rpm SHA-256: 919e0b801a82055cc21b5abc5733c91025060f20c2e5b6d2f1161d5b3bb34b35

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
curl-7.29.0-46.el7_5.1.src.rpm SHA-256: a01fe410c8788e0497c154598b6eaa8c1ada1ae0c53a792c01b4c51af8da6be6
x86_64
curl-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: 82d578403a421be8fa7488dd95b27c2a5dfbfbe3148a24f997150d4c61fd7e5f
curl-debuginfo-7.29.0-46.el7_5.1.i686.rpm SHA-256: a38f87a606eded4084585922e3e148ad40567fc6f25262c53c83b4ec318b16c5
curl-debuginfo-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: edae66bcad4e27cff263c0b3bed58e2be9bb3dcbffed80c569e63f2a7e2be624
libcurl-7.29.0-46.el7_5.1.i686.rpm SHA-256: 2ef88c32c0b7186ac279e5ce7e7ea043d7dbe18f5bb0f4d85185e4f25036c958
libcurl-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: 32a72f3e6c6b7919f0243143eb7a63054c891a9a656a55d2b6ec30b675f8fcc3
libcurl-devel-7.29.0-46.el7_5.1.i686.rpm SHA-256: 583c81d41c7bc30fa82bd289c3892d8b5867ed374908bbd4bc55a97ad7b641b6
libcurl-devel-7.29.0-46.el7_5.1.x86_64.rpm SHA-256: ad8d4a022581d741b1c27655fb529f7f97215d9bdb14c0f8284db179e121f287

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
