Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2020:2505 - Security Advisory
Issued:
2020-06-10
Updated:
2020-06-10

RHSA-2020:2505 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: curl security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
  • Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64

Fixes

  • BZ - 1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function

CVEs

  • CVE-2019-5436

References

  • https://access.redhat.com/security/updates/classification/#low
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
x86_64
curl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: 69c14bc294fdf22689b0b3b61cb4afd317c0a66748905c9decdf7848ba1a3c41
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
libcurl-7.29.0-54.el7_7.3.i686.rpm SHA-256: dc9413cef5e5fd18c2d7b11e0e664ce750641972840b5bd5a1c31c47e1c9bcc3
libcurl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: caa8d46279865939dea2844e4d75c1e6ac4c44d203423155633b17ad4dad2cc4
libcurl-devel-7.29.0-54.el7_7.3.i686.rpm SHA-256: e66f343167f6999ff69c354828f6aaa006fe2a4c85c4945e0a581be7ed5fabd7
libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: e5c0a925ac94c86f34a57c64048edd991ba8b0ac94ba6663820bc94ed85e7bef

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
x86_64
curl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: 69c14bc294fdf22689b0b3b61cb4afd317c0a66748905c9decdf7848ba1a3c41
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
libcurl-7.29.0-54.el7_7.3.i686.rpm SHA-256: dc9413cef5e5fd18c2d7b11e0e664ce750641972840b5bd5a1c31c47e1c9bcc3
libcurl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: caa8d46279865939dea2844e4d75c1e6ac4c44d203423155633b17ad4dad2cc4
libcurl-devel-7.29.0-54.el7_7.3.i686.rpm SHA-256: e66f343167f6999ff69c354828f6aaa006fe2a4c85c4945e0a581be7ed5fabd7
libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: e5c0a925ac94c86f34a57c64048edd991ba8b0ac94ba6663820bc94ed85e7bef

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
s390x
curl-7.29.0-54.el7_7.3.s390x.rpm SHA-256: 4dbae52bdcb3676dd6490d772574021ba9eec46597b40e20d8c07a47c5028d7e
curl-debuginfo-7.29.0-54.el7_7.3.s390.rpm SHA-256: e47e1db14a4848840a8b5be10da3c019ddcda574f97332c5577aacedc57d2875
curl-debuginfo-7.29.0-54.el7_7.3.s390x.rpm SHA-256: bd53a18e98b322add5c80f4eb84858abd9ec5af08d1cdef01d9c2e40a7083a85
libcurl-7.29.0-54.el7_7.3.s390.rpm SHA-256: 0fb6bcf48d9a1ba2ad00c87745e2db97b06a8c7b953476b635e24dd63052a167
libcurl-7.29.0-54.el7_7.3.s390x.rpm SHA-256: dc5693d7628e429e20430ddbabaf13029662b767034a409b8a81b4cb71f457ad
libcurl-devel-7.29.0-54.el7_7.3.s390.rpm SHA-256: 79545cdb9615d9e995801d863b7be9d2f8d41cc0883dad015399ccce53276cf0
libcurl-devel-7.29.0-54.el7_7.3.s390x.rpm SHA-256: a05cc6f65543e775f26f86a4270768038375e19730ce59bcbcd61eb8bc324ef8

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
ppc64
curl-7.29.0-54.el7_7.3.ppc64.rpm SHA-256: 9385582c38a726389b7501fc2708bce54533474b2416af98518b782ead5ecee6
curl-debuginfo-7.29.0-54.el7_7.3.ppc.rpm SHA-256: 90121bf9268a3e36707389791733097175ba04850bd6eca8a455e8b648207e4e
curl-debuginfo-7.29.0-54.el7_7.3.ppc64.rpm SHA-256: 8d0d72f650b84735f120504d2e9f8eb65e369ea8037c06c7ca82ee4708f28dd6
libcurl-7.29.0-54.el7_7.3.ppc.rpm SHA-256: 8d327c64276a699728f525444c9fd5749c4057edf665274b561c656442aaf037
libcurl-7.29.0-54.el7_7.3.ppc64.rpm SHA-256: e696e81a1fa09e633b6c35cdd09512aacf405582033dd7bbefccd8cc286356ce
libcurl-devel-7.29.0-54.el7_7.3.ppc.rpm SHA-256: 460d47af6f2220456f098a18e2e28091b1513da523a29f7bbb4d6189fa362b05
libcurl-devel-7.29.0-54.el7_7.3.ppc64.rpm SHA-256: 527fbf3252b02536222aca7245b38fec02ded0354567aeece1ba4f8864d94d2a

Red Hat Enterprise Linux EUS Compute Node 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
x86_64
curl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: 69c14bc294fdf22689b0b3b61cb4afd317c0a66748905c9decdf7848ba1a3c41
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
libcurl-7.29.0-54.el7_7.3.i686.rpm SHA-256: dc9413cef5e5fd18c2d7b11e0e664ce750641972840b5bd5a1c31c47e1c9bcc3
libcurl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: caa8d46279865939dea2844e4d75c1e6ac4c44d203423155633b17ad4dad2cc4
libcurl-devel-7.29.0-54.el7_7.3.i686.rpm SHA-256: e66f343167f6999ff69c354828f6aaa006fe2a4c85c4945e0a581be7ed5fabd7
libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: e5c0a925ac94c86f34a57c64048edd991ba8b0ac94ba6663820bc94ed85e7bef

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
ppc64le
curl-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: 88e96b13c1048039605b64f527a05d8a11f43f4a030d49e4ea718c8a8bf0a179
curl-debuginfo-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: f4dab6e9c040bc899a7fc83bc6600e2ba292e267bf19bd24bee8b019650514a1
libcurl-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: 177719b0e4b9f047dd304041ff7dbc63b77f82f0c9a731180e1965df71adb760
libcurl-devel-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: ee2b9857b358faa6e6a9278a1daac750dc70b80c9182d260cecbf2d35be40dce

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
x86_64
curl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: 69c14bc294fdf22689b0b3b61cb4afd317c0a66748905c9decdf7848ba1a3c41
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
libcurl-7.29.0-54.el7_7.3.i686.rpm SHA-256: dc9413cef5e5fd18c2d7b11e0e664ce750641972840b5bd5a1c31c47e1c9bcc3
libcurl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: caa8d46279865939dea2844e4d75c1e6ac4c44d203423155633b17ad4dad2cc4
libcurl-devel-7.29.0-54.el7_7.3.i686.rpm SHA-256: e66f343167f6999ff69c354828f6aaa006fe2a4c85c4945e0a581be7ed5fabd7
libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: e5c0a925ac94c86f34a57c64048edd991ba8b0ac94ba6663820bc94ed85e7bef

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
ppc64le
curl-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: 88e96b13c1048039605b64f527a05d8a11f43f4a030d49e4ea718c8a8bf0a179
curl-debuginfo-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: f4dab6e9c040bc899a7fc83bc6600e2ba292e267bf19bd24bee8b019650514a1
libcurl-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: 177719b0e4b9f047dd304041ff7dbc63b77f82f0c9a731180e1965df71adb760
libcurl-devel-7.29.0-54.el7_7.3.ppc64le.rpm SHA-256: ee2b9857b358faa6e6a9278a1daac750dc70b80c9182d260cecbf2d35be40dce

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM
curl-7.29.0-54.el7_7.3.src.rpm SHA-256: 315dbba69bd417cf6087dec3f991df790c784763c60bddc9beec76fc5d891992
x86_64
curl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: 69c14bc294fdf22689b0b3b61cb4afd317c0a66748905c9decdf7848ba1a3c41
curl-debuginfo-7.29.0-54.el7_7.3.i686.rpm SHA-256: 380117c4d9768c5574ec02e10e3a0f7773eea5e31f9c262c9ff0e0c811d23a6c
curl-debuginfo-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: ad2442ec8db4fc915d89c0eaf047a4b8493ebf84a999a3ea321d9aa77a1a0d9d
libcurl-7.29.0-54.el7_7.3.i686.rpm SHA-256: dc9413cef5e5fd18c2d7b11e0e664ce750641972840b5bd5a1c31c47e1c9bcc3
libcurl-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: caa8d46279865939dea2844e4d75c1e6ac4c44d203423155633b17ad4dad2cc4
libcurl-devel-7.29.0-54.el7_7.3.i686.rpm SHA-256: e66f343167f6999ff69c354828f6aaa006fe2a4c85c4945e0a581be7ed5fabd7
libcurl-devel-7.29.0-54.el7_7.3.x86_64.rpm SHA-256: e5c0a925ac94c86f34a57c64048edd991ba8b0ac94ba6663820bc94ed85e7bef

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Twitter Facebook