UbuntuUpdates.org

Package "curl"

Name: curl

Description:

command line tool for transferring data with URL syntax

Latest version: 7.55.1-1ubuntu2.6
Release: artful (17.10)
Level: updates
Repository: main
Homepage: http://curl.haxx.se

Links

Save this URL for the latest version of "curl": https://www.ubuntuupdates.org/curl


Download "curl"


Other versions of "curl" in Artful

Repository Area Version
base main 7.55.1-1ubuntu2
security main 7.55.1-1ubuntu2.6

Packages in group

Deleted packages are displayed in grey.

libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-doc libcurl4-gnutls-dev
libcurl4-nss-dev libcurl4-openssl-dev

Changelog

Version: 7.55.1-1ubuntu2.6 2018-07-11 14:07:14 UTC

  curl (7.55.1-1ubuntu2.6) artful-security; urgency=medium

  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

 -- Marc Deslauriers <email address hidden> Wed, 04 Jul 2018 10:20:21 -0400

Source diff to previous version
CVE-2018-0500 SMTP send heap buffer overflow

Version: 7.55.1-1ubuntu2.5 2018-05-16 17:07:29 UTC

  curl (7.55.1-1ubuntu2.5) artful-security; urgency=medium

  * SECURITY UPDATE: FTP shutdown response buffer overflow
    - debian/patches/CVE-2018-1000300.patch: check data size in
      lib/pingpong.c.
    - CVE-2018-1000303
  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

 -- Marc Deslauriers <email address hidden> Tue, 08 May 2018 13:51:37 -0400

Source diff to previous version
CVE-2018-1000300 FTP shutdown response buffer overflow
CVE-2018-1000301 RTSP bad headers buffer over-read

Version: 7.55.1-1ubuntu2.4 2018-03-15 15:06:31 UTC

  curl (7.55.1-1ubuntu2.4) artful-security; urgency=medium

  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120-pre.patch: URL decode path for dir
      listing in nocwd mode in lib/ftp.c, add test to tests/*.
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

 -- Marc Deslauriers <email address hidden> Wed, 14 Mar 2018 08:47:46 -0400

Source diff to previous version

Version: 7.55.1-1ubuntu2.3 2018-02-01 01:06:37 UTC

  curl (7.55.1-1ubuntu2.3) artful-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in code handling HTTP/2
    - debian/patches/CVE-2018-1000005.patch: fix incorrect
      trailer buffer size in lib/http2.c.
    - CVE-2018-1000005
  * SECURITY UPDATE: leak authentication data
    - debian/patches/CVE-2018-1000007.patch: prevent custom
      authorization headers in redirects in lib/http.c,
      lib/url.c, lib/urldata.h, tests/data/Makefile.in,
      tests/data/test317, tests/data/test318.
    - CVE-2018-1000007
  * Removing test that fails to check manpage after CVE-2018-1000007.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Jan 2018 16:54:19 -0300

Source diff to previous version

Version: 7.55.1-1ubuntu2.2 2017-11-29 16:06:56 UTC

  curl (7.55.1-1ubuntu2.2) artful-security; urgency=medium

  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 07:59:20 -0500

CVE-2017-8816 NTLM buffer overflow via integer overflow
CVE-2017-8817 FTP wildcard out of bounds read



About   -   Send Feedback to @ubuntu_updates