Red Hat Product Errata RHSA-2020:1020 - Security Advisory
Issued: 2020-03-31
Updated: 2020-03-31

Synopsis

Low: curl security and bug fix update

Type/Severity

Security Advisory: Low

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function
  • BZ - 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice
  • BZ - 1769307 - curl fails while attempting to POST a char device

CVEs

  • CVE-2019-5436

References

  • https://access.redhat.com/security/updates/classification/#low
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux Workstation 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux Desktop 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
s390x
curl-7.29.0-57.el7.s390x.rpm SHA-256: 52b26426d2d44a8ca2c8d5997af4843711df1183c66f079311fddf294e9a65da
curl-debuginfo-7.29.0-57.el7.s390.rpm SHA-256: 9908ce95b247a4fc6113fc547a9a2b26b61e5d7c3ba771496b6ccd3a6b3ccf9f
curl-debuginfo-7.29.0-57.el7.s390x.rpm SHA-256: 7c5975bc37f371c23921a0f0d29241281398577e4e9f76a3d7b58e501d1bbcfc
libcurl-7.29.0-57.el7.s390.rpm SHA-256: 24ec866c85f877fd55903b7ad0e90423e1c0ce48b3e882b7ed88dbca813aef25
libcurl-7.29.0-57.el7.s390x.rpm SHA-256: 14df614c64ec461a46f7470abd88ddbea159c38a120ceb06334f3adad1bc647e
libcurl-devel-7.29.0-57.el7.s390.rpm SHA-256: 358b5eec4f55a6a22fcaa890dc76571fbbac02dd71c272877f95d0653af9a204
libcurl-devel-7.29.0-57.el7.s390x.rpm SHA-256: 9557f2db4ac3f448b9bcd59c9766a5b69f6d9090d852f2e697a90a8bf2c6a023

Red Hat Enterprise Linux for Power, big endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64
curl-7.29.0-57.el7.ppc64.rpm SHA-256: fa05f4f275eba906ac5fe902f4ef9d8bf912beae34a2940cc3131ccc404dfd73
curl-debuginfo-7.29.0-57.el7.ppc.rpm SHA-256: 0411dd01fd6d930c5277c6afc6b93baab464feaea9b7ff6f4b6d9d073347789c
curl-debuginfo-7.29.0-57.el7.ppc64.rpm SHA-256: 2a565de450c70a7f741f41003825e541185e366bfb896149e7e687b7541a4c90
libcurl-7.29.0-57.el7.ppc.rpm SHA-256: 57c2bf0bca50006d974002074494c0ca312e7cbb04ef99ed42cce03066e833b1
libcurl-7.29.0-57.el7.ppc64.rpm SHA-256: 9890da164b07dd5dd83527d23e1584bac373338a5ba9bb2df1f0e8020620661d
libcurl-devel-7.29.0-57.el7.ppc.rpm SHA-256: bfaa3903ea59785dc600e2fab1c248c4a7b24af58d1f4e34447f6f6c81539320
libcurl-devel-7.29.0-57.el7.ppc64.rpm SHA-256: 3e3d967c6dc1289e5ad8cda78f2acb18ad1800a77713a71368a8bf2c3711f172

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
x86_64
curl-7.29.0-57.el7.x86_64.rpm SHA-256: d1aa84c42b1bfe203a47307b6e3e461861aa3f32df18b77de031b5ae877fbfa0
curl-debuginfo-7.29.0-57.el7.i686.rpm SHA-256: 629a53a09a7284bdc1b51f801f7ee184e6f0365da74d9ac3cf63fc646a989c06
curl-debuginfo-7.29.0-57.el7.x86_64.rpm SHA-256: fb151319977dbd3ab9dfe3a5850304e99d09200db08ca264886d5084b83a2f34
libcurl-7.29.0-57.el7.i686.rpm SHA-256: 0766ea971cecf41e212823336275a539b5265b1e01507c92925909afe4799c57
libcurl-7.29.0-57.el7.x86_64.rpm SHA-256: 751164e3fbdadbec6232889b9d9920991d278d8b21792bacd888702a263bec54
libcurl-devel-7.29.0-57.el7.i686.rpm SHA-256: 4fee10d4d4894e44ba2a7e36884932dfdc0fc6b3f17bd9052793cc2e3583273b
libcurl-devel-7.29.0-57.el7.x86_64.rpm SHA-256: c0a341ac8b799c297496d037db2f3bec72a366e95c43ddf6ad95105f347c96c0

Red Hat Enterprise Linux for Power, little endian 7

SRPM
curl-7.29.0-57.el7.src.rpm SHA-256: ec94d7929cfcf0b79d247b06894c611172bc14970501c0994d7ef027477969f2
ppc64le
curl-7.29.0-57.el7.ppc64le.rpm SHA-256: ae38700d0017900bc6befd566ce1fbd2b22ecf50148f131fd3938aecb792e195
curl-debuginfo-7.29.0-57.el7.ppc64le.rpm SHA-256: 0b7d78d91dc53ee859806972f34e07e366fb66016bf5d6e515c2ac634ee08af5
libcurl-7.29.0-57.el7.ppc64le.rpm SHA-256: dcaa16740fc50a7dd20c757205c7d343ba095de9d5b2bdeb772487a701a16c98
libcurl-devel-7.29.0-57.el7.ppc64le.rpm SHA-256: e1aa75675b3b16a527e454cc74bc5d436768a116586cf66e5e4cb7b8523e0578

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
