Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2020:3916 - Security Advisory
Issued:
2020-09-29
Updated:
2020-09-29

RHSA-2020:3916 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1749652 - CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()
  • BZ - 1836773 - POST followed by a GET with large headers on the same connection leads to a NULL dereference

CVEs

  • CVE-2019-5482

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
x86_64
curl-7.29.0-59.el7.x86_64.rpm SHA-256: d71df169d5e155914ece85b1b4506c61238812a2ad331371e07950c09575093e
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
libcurl-7.29.0-59.el7.i686.rpm SHA-256: ab871e6c32c42d525ece1016f6c00b243e542b58088f0cc4350ca38838cfbbfc
libcurl-7.29.0-59.el7.x86_64.rpm SHA-256: a5ca0ac5ee32aa9c2ba4a02e37fb6cdb7d65df0a7df1a6b795c294b3ed6e242d
libcurl-devel-7.29.0-59.el7.i686.rpm SHA-256: 7e76de9cb32d65e75c9db32117aa7a670701345ab94a83e167a6fad5cb5a87c7
libcurl-devel-7.29.0-59.el7.x86_64.rpm SHA-256: 5e8ac24b23c842c95046ce0a310f22d28833438e9188664af6f515b8753b5381

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
x86_64
curl-7.29.0-59.el7.x86_64.rpm SHA-256: d71df169d5e155914ece85b1b4506c61238812a2ad331371e07950c09575093e
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
libcurl-7.29.0-59.el7.i686.rpm SHA-256: ab871e6c32c42d525ece1016f6c00b243e542b58088f0cc4350ca38838cfbbfc
libcurl-7.29.0-59.el7.x86_64.rpm SHA-256: a5ca0ac5ee32aa9c2ba4a02e37fb6cdb7d65df0a7df1a6b795c294b3ed6e242d
libcurl-devel-7.29.0-59.el7.i686.rpm SHA-256: 7e76de9cb32d65e75c9db32117aa7a670701345ab94a83e167a6fad5cb5a87c7
libcurl-devel-7.29.0-59.el7.x86_64.rpm SHA-256: 5e8ac24b23c842c95046ce0a310f22d28833438e9188664af6f515b8753b5381

Red Hat Enterprise Linux Workstation 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
x86_64
curl-7.29.0-59.el7.x86_64.rpm SHA-256: d71df169d5e155914ece85b1b4506c61238812a2ad331371e07950c09575093e
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
libcurl-7.29.0-59.el7.i686.rpm SHA-256: ab871e6c32c42d525ece1016f6c00b243e542b58088f0cc4350ca38838cfbbfc
libcurl-7.29.0-59.el7.x86_64.rpm SHA-256: a5ca0ac5ee32aa9c2ba4a02e37fb6cdb7d65df0a7df1a6b795c294b3ed6e242d
libcurl-devel-7.29.0-59.el7.i686.rpm SHA-256: 7e76de9cb32d65e75c9db32117aa7a670701345ab94a83e167a6fad5cb5a87c7
libcurl-devel-7.29.0-59.el7.x86_64.rpm SHA-256: 5e8ac24b23c842c95046ce0a310f22d28833438e9188664af6f515b8753b5381

Red Hat Enterprise Linux Desktop 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
x86_64
curl-7.29.0-59.el7.x86_64.rpm SHA-256: d71df169d5e155914ece85b1b4506c61238812a2ad331371e07950c09575093e
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
libcurl-7.29.0-59.el7.i686.rpm SHA-256: ab871e6c32c42d525ece1016f6c00b243e542b58088f0cc4350ca38838cfbbfc
libcurl-7.29.0-59.el7.x86_64.rpm SHA-256: a5ca0ac5ee32aa9c2ba4a02e37fb6cdb7d65df0a7df1a6b795c294b3ed6e242d
libcurl-devel-7.29.0-59.el7.i686.rpm SHA-256: 7e76de9cb32d65e75c9db32117aa7a670701345ab94a83e167a6fad5cb5a87c7
libcurl-devel-7.29.0-59.el7.x86_64.rpm SHA-256: 5e8ac24b23c842c95046ce0a310f22d28833438e9188664af6f515b8753b5381

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
s390x
curl-7.29.0-59.el7.s390x.rpm SHA-256: 0fe962a4fd4eb7196768bd733789a0d9fcdee678b1963512f53aceea9c6f34e8
curl-debuginfo-7.29.0-59.el7.s390.rpm SHA-256: 8931bd3b245e3782ae12a58e78a594edc8ef6802d044f2bceddcbcb62cf28da9
curl-debuginfo-7.29.0-59.el7.s390x.rpm SHA-256: cd4e604c82b01200d21e1d903793b2ad4ab4c7fb004fc8cd91e5566615f4cfd1
libcurl-7.29.0-59.el7.s390.rpm SHA-256: 154c0ab4e758848830a9e9766d7ebfd0388c50ac984eceee3fc0c48708af7a9c
libcurl-7.29.0-59.el7.s390x.rpm SHA-256: e5edee0413aeda1d79471e37b613b3053ad69dacdb9e58510300808fb11a85d9
libcurl-devel-7.29.0-59.el7.s390.rpm SHA-256: b39943d09c88d5c85cfc5dd0367ac40d12b7602e72f55437534563b30e6c383a
libcurl-devel-7.29.0-59.el7.s390x.rpm SHA-256: 35cf11d8a8301bd01ca9cafff1a1c9d8de1dc170cc84b4952131827408564565

Red Hat Enterprise Linux for Power, big endian 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
ppc64
curl-7.29.0-59.el7.ppc64.rpm SHA-256: 7768fc94c732fd4177f2622f02bd1b0c32ee83c79e40f2d08d552f0fa252eb77
curl-debuginfo-7.29.0-59.el7.ppc.rpm SHA-256: cf45ed9573b9713a8ee4add275de17059fa6405a52f1609699ebc4511e5d97e2
curl-debuginfo-7.29.0-59.el7.ppc64.rpm SHA-256: 77ba2ee6261ccc6e9cbc5733c7dfbea24c18215aaba4898ca2e0b37df1575c30
libcurl-7.29.0-59.el7.ppc.rpm SHA-256: 8063a94a337c921335181b8c70013d451d139ec3aa5bd0feb8e9c75bc6f64fed
libcurl-7.29.0-59.el7.ppc64.rpm SHA-256: 43753d5643d0d910e36df6cfda54d0c8a18da54553567a3ed13fd0b04e3c96f0
libcurl-devel-7.29.0-59.el7.ppc.rpm SHA-256: f70fe85538b2dee43fe79bea721b2e1b08c444671c32d1bf16f5faf0a2cbd43b
libcurl-devel-7.29.0-59.el7.ppc64.rpm SHA-256: b9a0fa1705b7f040e49e3b39069042f1288690d4bce45657c09b1561d477be74

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
x86_64
curl-7.29.0-59.el7.x86_64.rpm SHA-256: d71df169d5e155914ece85b1b4506c61238812a2ad331371e07950c09575093e
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.i686.rpm SHA-256: 91fbee05110ebc52ddb6beb5f1d5018069f13c6f90ed1055c6beb136270d1375
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
curl-debuginfo-7.29.0-59.el7.x86_64.rpm SHA-256: e944429e14e8a52495dc7837c60c5c014a441561fe9d96725accc46868e469b3
libcurl-7.29.0-59.el7.i686.rpm SHA-256: ab871e6c32c42d525ece1016f6c00b243e542b58088f0cc4350ca38838cfbbfc
libcurl-7.29.0-59.el7.x86_64.rpm SHA-256: a5ca0ac5ee32aa9c2ba4a02e37fb6cdb7d65df0a7df1a6b795c294b3ed6e242d
libcurl-devel-7.29.0-59.el7.i686.rpm SHA-256: 7e76de9cb32d65e75c9db32117aa7a670701345ab94a83e167a6fad5cb5a87c7
libcurl-devel-7.29.0-59.el7.x86_64.rpm SHA-256: 5e8ac24b23c842c95046ce0a310f22d28833438e9188664af6f515b8753b5381

Red Hat Enterprise Linux for Power, little endian 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
ppc64le
curl-7.29.0-59.el7.ppc64le.rpm SHA-256: ff8b0031360f82df89974dce61af62552b7133f7fa042221a652745888a80d10
curl-debuginfo-7.29.0-59.el7.ppc64le.rpm SHA-256: 186cdaeaf08e65505899831b587f42d6522a92785aeb438fffeaef53605bc3dc
libcurl-7.29.0-59.el7.ppc64le.rpm SHA-256: 24dfbcb74ef18a855f7f21ff4312164736bd8df7fd8529f1d927e41f82953782
libcurl-devel-7.29.0-59.el7.ppc64le.rpm SHA-256: 04263a7829bcf8b4e065ec705b4389c37588b83a65c3f9117896d03451990877

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
s390x
curl-7.29.0-59.el7.s390x.rpm SHA-256: 0fe962a4fd4eb7196768bd733789a0d9fcdee678b1963512f53aceea9c6f34e8
curl-debuginfo-7.29.0-59.el7.s390.rpm SHA-256: 8931bd3b245e3782ae12a58e78a594edc8ef6802d044f2bceddcbcb62cf28da9
curl-debuginfo-7.29.0-59.el7.s390x.rpm SHA-256: cd4e604c82b01200d21e1d903793b2ad4ab4c7fb004fc8cd91e5566615f4cfd1
libcurl-7.29.0-59.el7.s390.rpm SHA-256: 154c0ab4e758848830a9e9766d7ebfd0388c50ac984eceee3fc0c48708af7a9c
libcurl-7.29.0-59.el7.s390x.rpm SHA-256: e5edee0413aeda1d79471e37b613b3053ad69dacdb9e58510300808fb11a85d9
libcurl-devel-7.29.0-59.el7.s390.rpm SHA-256: b39943d09c88d5c85cfc5dd0367ac40d12b7602e72f55437534563b30e6c383a
libcurl-devel-7.29.0-59.el7.s390x.rpm SHA-256: 35cf11d8a8301bd01ca9cafff1a1c9d8de1dc170cc84b4952131827408564565

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
ppc64
curl-7.29.0-59.el7.ppc64.rpm SHA-256: 7768fc94c732fd4177f2622f02bd1b0c32ee83c79e40f2d08d552f0fa252eb77
curl-debuginfo-7.29.0-59.el7.ppc.rpm SHA-256: cf45ed9573b9713a8ee4add275de17059fa6405a52f1609699ebc4511e5d97e2
curl-debuginfo-7.29.0-59.el7.ppc64.rpm SHA-256: 77ba2ee6261ccc6e9cbc5733c7dfbea24c18215aaba4898ca2e0b37df1575c30
libcurl-7.29.0-59.el7.ppc.rpm SHA-256: 8063a94a337c921335181b8c70013d451d139ec3aa5bd0feb8e9c75bc6f64fed
libcurl-7.29.0-59.el7.ppc64.rpm SHA-256: 43753d5643d0d910e36df6cfda54d0c8a18da54553567a3ed13fd0b04e3c96f0
libcurl-devel-7.29.0-59.el7.ppc.rpm SHA-256: f70fe85538b2dee43fe79bea721b2e1b08c444671c32d1bf16f5faf0a2cbd43b
libcurl-devel-7.29.0-59.el7.ppc64.rpm SHA-256: b9a0fa1705b7f040e49e3b39069042f1288690d4bce45657c09b1561d477be74

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
curl-7.29.0-59.el7.src.rpm SHA-256: 4c8949c0e7a774af187d9003d9503d4f902d82a3970fd8a4a3db1c06b9e2315a
ppc64le
curl-7.29.0-59.el7.ppc64le.rpm SHA-256: ff8b0031360f82df89974dce61af62552b7133f7fa042221a652745888a80d10
curl-debuginfo-7.29.0-59.el7.ppc64le.rpm SHA-256: 186cdaeaf08e65505899831b587f42d6522a92785aeb438fffeaef53605bc3dc
libcurl-7.29.0-59.el7.ppc64le.rpm SHA-256: 24dfbcb74ef18a855f7f21ff4312164736bd8df7fd8529f1d927e41f82953782
libcurl-devel-7.29.0-59.el7.ppc64le.rpm SHA-256: 04263a7829bcf8b4e065ec705b4389c37588b83a65c3f9117896d03451990877

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility