Red Hat Product Errata RHSA-2021:0877 - Security Advisory

Issued:: 2021-03-16
Updated:: 2021-03-16

RHSA-2021:0877 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: curl security update

Type/Severity

Security Advisory: Moderate

Topic

An update for curl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1749652 - CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()

CVEs

CVE-2019-5482

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
x86_64
curl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: df62442ed3a6f999fe6412121d5c48702f8c1a8607f5f915beeb74691a7f6fad
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
libcurl-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 30273bc35ecdac91fa2454383e4ca46ca121cff77ccd534c13fdf19035cbbf1e
libcurl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 88f1a76a503abf2ddb84affc05ccf75c3088602b0b0a80a9a5a9a7fcf78ebbf0
libcurl-devel-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 0db391fdfe599ba7535762d7766cb475155c759c59043ea431348882a943b4f9
libcurl-devel-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: e5cda739285a0f629d9b798498dd1d364073af21fede634336e14211f80e5f3b

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
x86_64
curl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: df62442ed3a6f999fe6412121d5c48702f8c1a8607f5f915beeb74691a7f6fad
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
libcurl-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 30273bc35ecdac91fa2454383e4ca46ca121cff77ccd534c13fdf19035cbbf1e
libcurl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 88f1a76a503abf2ddb84affc05ccf75c3088602b0b0a80a9a5a9a7fcf78ebbf0
libcurl-devel-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 0db391fdfe599ba7535762d7766cb475155c759c59043ea431348882a943b4f9
libcurl-devel-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: e5cda739285a0f629d9b798498dd1d364073af21fede634336e14211f80e5f3b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
s390x
curl-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: ef550b398bdf35a6d4141f9a2a6b024f18c72b656f37bae210bd2c549e829939
curl-debuginfo-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 4a53b3ee79a80898ced80063d0f630f8ea19939dccda6c361bb429828cdff5af
curl-debuginfo-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: d8c62c8a0a6138ce435006789102cf897468e68d4d25fd407f71052e6e1da51d
libcurl-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 679a6513ce92a11d8eea19a0c83c502aeb95617364d735ef341a1aea0fda34a0
libcurl-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: 3db63d4dc490aaed9e346b98cca15abf99fc1df16924e3bfee5eeb037a8f29d4
libcurl-devel-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 190ce7986b824c2eda3df62787e4287aeed3a77a8d0d7c624d2d4ba28e1e3b5d
libcurl-devel-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: f4ea2c5d18aab427ac6ff12fc73f08e9515050479853f624aefd23b4112aeb16

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
ppc64
curl-7.29.0-51.el7_6.4.ppc64.rpm	SHA-256: 057627737a301477a736b362afe16786c1d2e8d0f746507304781a344a3d9e05
curl-debuginfo-7.29.0-51.el7_6.4.ppc.rpm	SHA-256: 433252dfdaa5a807df4fb9a24075a3c04635e0ee0bc056fd159652a21f25a8d4
curl-debuginfo-7.29.0-51.el7_6.4.ppc64.rpm	SHA-256: 5ec6399a72b8111437219fcf616c22885378e9f3cee2e28fe728523d08aa3467
libcurl-7.29.0-51.el7_6.4.ppc.rpm	SHA-256: a058dfdbd2c0886ee0bce12474fb8176fdbcf08a54ad4acfdb4d2fbb62bf9799
libcurl-7.29.0-51.el7_6.4.ppc64.rpm	SHA-256: e5c3ecc35741d77f1b6043e2e2bba3635a107ac73b16628aaacb8399ed889a86
libcurl-devel-7.29.0-51.el7_6.4.ppc.rpm	SHA-256: 01f6d6d1252eb7f632e9b29bbd0fe6ee9957ed5fb39e653a4dbe762162f75e97
libcurl-devel-7.29.0-51.el7_6.4.ppc64.rpm	SHA-256: 5c9f41ad59cf149b82a1d9404aa49139954186a754d38bc57ef4d338c8a1e7c9

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
x86_64
curl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: df62442ed3a6f999fe6412121d5c48702f8c1a8607f5f915beeb74691a7f6fad
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
libcurl-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 30273bc35ecdac91fa2454383e4ca46ca121cff77ccd534c13fdf19035cbbf1e
libcurl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 88f1a76a503abf2ddb84affc05ccf75c3088602b0b0a80a9a5a9a7fcf78ebbf0
libcurl-devel-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 0db391fdfe599ba7535762d7766cb475155c759c59043ea431348882a943b4f9
libcurl-devel-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: e5cda739285a0f629d9b798498dd1d364073af21fede634336e14211f80e5f3b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
ppc64le
curl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: c6fa6fddf8a64e439e7e1220f240f9002ae48ec198631764c5ee9f68c4d9c6cb
curl-debuginfo-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 225c1e5bf0eb251518d93fdc72d9aad61ef0dfb2e49f027404a9cb06ba031f71
libcurl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: dd044d797ef9856003770b9f2fb683fb16316a0026100faa37e867cc9bdf768c
libcurl-devel-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 04acd26d85303a0ad0ec82dedf3f8972e9d271491d3910aa63d385466ec5bd78

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
x86_64
curl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: df62442ed3a6f999fe6412121d5c48702f8c1a8607f5f915beeb74691a7f6fad
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
libcurl-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 30273bc35ecdac91fa2454383e4ca46ca121cff77ccd534c13fdf19035cbbf1e
libcurl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 88f1a76a503abf2ddb84affc05ccf75c3088602b0b0a80a9a5a9a7fcf78ebbf0
libcurl-devel-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 0db391fdfe599ba7535762d7766cb475155c759c59043ea431348882a943b4f9
libcurl-devel-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: e5cda739285a0f629d9b798498dd1d364073af21fede634336e14211f80e5f3b

Red Hat Enterprise Linux for Power 9 7

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
ppc64le
curl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: c6fa6fddf8a64e439e7e1220f240f9002ae48ec198631764c5ee9f68c4d9c6cb
curl-debuginfo-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 225c1e5bf0eb251518d93fdc72d9aad61ef0dfb2e49f027404a9cb06ba031f71
libcurl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: dd044d797ef9856003770b9f2fb683fb16316a0026100faa37e867cc9bdf768c
libcurl-devel-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 04acd26d85303a0ad0ec82dedf3f8972e9d271491d3910aa63d385466ec5bd78

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
ppc64le
curl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: c6fa6fddf8a64e439e7e1220f240f9002ae48ec198631764c5ee9f68c4d9c6cb
curl-debuginfo-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 225c1e5bf0eb251518d93fdc72d9aad61ef0dfb2e49f027404a9cb06ba031f71
libcurl-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: dd044d797ef9856003770b9f2fb683fb16316a0026100faa37e867cc9bdf768c
libcurl-devel-7.29.0-51.el7_6.4.ppc64le.rpm	SHA-256: 04acd26d85303a0ad0ec82dedf3f8972e9d271491d3910aa63d385466ec5bd78

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
x86_64
curl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: df62442ed3a6f999fe6412121d5c48702f8c1a8607f5f915beeb74691a7f6fad
curl-debuginfo-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 4c94f2ca629c7f09a1699e2dd87252535335dbbaea217f2d33710b99cd88740c
curl-debuginfo-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 0e3e1ce1263f83a40e9b9f7772d7c21ce9bfc32afb4708a9328037424f695f28
libcurl-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 30273bc35ecdac91fa2454383e4ca46ca121cff77ccd534c13fdf19035cbbf1e
libcurl-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: 88f1a76a503abf2ddb84affc05ccf75c3088602b0b0a80a9a5a9a7fcf78ebbf0
libcurl-devel-7.29.0-51.el7_6.4.i686.rpm	SHA-256: 0db391fdfe599ba7535762d7766cb475155c759c59043ea431348882a943b4f9
libcurl-devel-7.29.0-51.el7_6.4.x86_64.rpm	SHA-256: e5cda739285a0f629d9b798498dd1d364073af21fede634336e14211f80e5f3b

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
curl-7.29.0-51.el7_6.4.src.rpm	SHA-256: 98eea574ff9a83cf101b83790aad1c1942bf538d40a438c3bd3ac4e8aa0cd603
s390x
curl-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: ef550b398bdf35a6d4141f9a2a6b024f18c72b656f37bae210bd2c549e829939
curl-debuginfo-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 4a53b3ee79a80898ced80063d0f630f8ea19939dccda6c361bb429828cdff5af
curl-debuginfo-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: d8c62c8a0a6138ce435006789102cf897468e68d4d25fd407f71052e6e1da51d
libcurl-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 679a6513ce92a11d8eea19a0c83c502aeb95617364d735ef341a1aea0fda34a0
libcurl-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: 3db63d4dc490aaed9e346b98cca15abf99fc1df16924e3bfee5eeb037a8f29d4
libcurl-devel-7.29.0-51.el7_6.4.s390.rpm	SHA-256: 190ce7986b824c2eda3df62787e4287aeed3a77a8d0d7c624d2d4ba28e1e3b5d
libcurl-devel-7.29.0-51.el7_6.4.s390x.rpm	SHA-256: f4ea2c5d18aab427ac6ff12fc73f08e9515050479853f624aefd23b4112aeb16

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories