Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:1020 - Security Advisory
Issued:
2020-03-31
Updated:
2020-03-31

RHSA-2020:1020 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: curl security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function
  • BZ - 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice
  • BZ - 1769307 - curl fails while attempting to POST a char device

CVEs

  • CVE-2019-5436

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux Workstation 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux Desktop 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
s390x
curl-7.29.0-57.el7.s390x.rpm SHA-256: 52b26426d2d44a8ca2c8d5997af4843711df1183c66f079311fddf294e9a65da
curl-debuginfo-7.29.0-57.el7.s390.rpm SHA-256: 9908ce95b247a4fc6113fc547a9a2b26b61e5d7c3ba771496b6ccd3a6b3ccf9f
curl-debuginfo-7.29.0-57.el7.s390x.rpm SHA-256: 7c5975bc37f371c23921a0f0d29241281398577e4e9f76a3d7b58e501d1bbcfc
libcurl-7.29.0-57.el7.s390.rpm SHA-256: 24ec866c85f877fd55903b7ad0e90423e1c0ce48b3e882b7ed88dbca813aef25
libcurl-7.29.0-57.el7.s390x.rpm SHA-256: 14df614c64ec461a46f7470abd88ddbea159c38a120ceb06334f3adad1bc647e
libcurl-devel-7.29.0-57.el7.s390.rpm SHA-256: 358b5eec4f55a6a22fcaa890dc76571fbbac02dd71c272877f95d0653af9a204
libcurl-devel-7.29.0-57.el7.s390x.rpm SHA-256: 9557f2db4ac3f448b9bcd59c9766a5b69f6d9090d852f2e697a90a8bf2c6a023

Red Hat Enterprise Linux for Power, big endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64
curl-7.29.0-57.el7.ppc64.rpm SHA-256: fa05f4f275eba906ac5fe902f4ef9d8bf912beae34a2940cc3131ccc404dfd73
curl-debuginfo-7.29.0-57.el7.ppc.rpm SHA-256: 0411dd01fd6d930c5277c6afc6b93baab464feaea9b7ff6f4b6d9d073347789c
curl-debuginfo-7.29.0-57.el7.ppc64.rpm SHA-256: 2a565de450c70a7f741f41003825e541185e366bfb896149e7e687b7541a4c90
libcurl-7.29.0-57.el7.ppc.rpm SHA-256: 57c2bf0bca50006d974002074494c0ca312e7cbb04ef99ed42cce03066e833b1
libcurl-7.29.0-57.el7.ppc64.rpm SHA-256: 9890da164b07dd5dd83527d23e1584bac373338a5ba9bb2df1f0e8020620661d
libcurl-devel-7.29.0-57.el7.ppc.rpm SHA-256: bfaa3903ea59785dc600e2fab1c248c4a7b24af58d1f4e34447f6f6c81539320
libcurl-devel-7.29.0-57.el7.ppc64.rpm SHA-256: 3e3d967c6dc1289e5ad8cda78f2acb18ad1800a77713a71368a8bf2c3711f172

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux for Power, little endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64le
curl-7.29.0-57.el7.ppc64le.rpm SHA-256: ae38700d0017900bc6befd566ce1fbd2b22ecf50148f131fd3938aecb792e195
curl-debuginfo-7.29.0-57.el7.ppc64le.rpm SHA-256: 0b7d78d91dc53ee859806972f34e07e366fb66016bf5d6e515c2ac634ee08af5
libcurl-7.29.0-57.el7.ppc64le.rpm SHA-256: dcaa16740fc50a7dd20c757205c7d343ba095de9d5b2bdeb772487a701a16c98
libcurl-devel-7.29.0-57.el7.ppc64le.rpm SHA-256: e1aa75675b3b16a527e454cc74bc5d436768a116586cf66e5e4cb7b8523e0578

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
s390x
curl-7.29.0-57.el7.s390x.rpm SHA-256: 52b26426d2d44a8ca2c8d5997af4843711df1183c66f079311fddf294e9a65da
curl-debuginfo-7.29.0-57.el7.s390.rpm SHA-256: 9908ce95b247a4fc6113fc547a9a2b26b61e5d7c3ba771496b6ccd3a6b3ccf9f
curl-debuginfo-7.29.0-57.el7.s390x.rpm SHA-256: 7c5975bc37f371c23921a0f0d29241281398577e4e9f76a3d7b58e501d1bbcfc
libcurl-7.29.0-57.el7.s390.rpm SHA-256: 24ec866c85f877fd55903b7ad0e90423e1c0ce48b3e882b7ed88dbca813aef25
libcurl-7.29.0-57.el7.s390x.rpm SHA-256: 14df614c64ec461a46f7470abd88ddbea159c38a120ceb06334f3adad1bc647e
libcurl-devel-7.29.0-57.el7.s390.rpm SHA-256: 358b5eec4f55a6a22fcaa890dc76571fbbac02dd71c272877f95d0653af9a204
libcurl-devel-7.29.0-57.el7.s390x.rpm SHA-256: 9557f2db4ac3f448b9bcd59c9766a5b69f6d9090d852f2e697a90a8bf2c6a023

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64
curl-7.29.0-57.el7.ppc64.rpm SHA-256: fa05f4f275eba906ac5fe902f4ef9d8bf912beae34a2940cc3131ccc404dfd73
curl-debuginfo-7.29.0-57.el7.ppc.rpm SHA-256: 0411dd01fd6d930c5277c6afc6b93baab464feaea9b7ff6f4b6d9d073347789c
curl-debuginfo-7.29.0-57.el7.ppc64.rpm SHA-256: 2a565de450c70a7f741f41003825e541185e366bfb896149e7e687b7541a4c90
libcurl-7.29.0-57.el7.ppc.rpm SHA-256: 57c2bf0bca50006d974002074494c0ca312e7cbb04ef99ed42cce03066e833b1
libcurl-7.29.0-57.el7.ppc64.rpm SHA-256: 9890da164b07dd5dd83527d23e1584bac373338a5ba9bb2df1f0e8020620661d
libcurl-devel-7.29.0-57.el7.ppc.rpm SHA-256: bfaa3903ea59785dc600e2fab1c248c4a7b24af58d1f4e34447f6f6c81539320
libcurl-devel-7.29.0-57.el7.ppc64.rpm SHA-256: 3e3d967c6dc1289e5ad8cda78f2acb18ad1800a77713a71368a8bf2c3711f172

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64le
curl-7.29.0-57.el7.ppc64le.rpm SHA-256: ae38700d0017900bc6befd566ce1fbd2b22ecf50148f131fd3938aecb792e195
curl-debuginfo-7.29.0-57.el7.ppc64le.rpm SHA-256: 0b7d78d91dc53ee859806972f34e07e366fb66016bf5d6e515c2ac634ee08af5
libcurl-7.29.0-57.el7.ppc64le.rpm SHA-256: dcaa16740fc50a7dd20c757205c7d343ba095de9d5b2bdeb772487a701a16c98
libcurl-devel-7.29.0-57.el7.ppc64le.rpm SHA-256: e1aa75675b3b16a527e454cc74bc5d436768a116586cf66e5e4cb7b8523e0578

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility