UbuntuUpdates.org

Package "libcurl3-gnutls"

Name: libcurl3-gnutls

Description:

easy-to-use client-side URL transfer library (GnuTLS flavour)

Latest version: 7.58.0-2ubuntu3.8
Release: bionic (18.04)
Level: security
Repository: main
Head package: curl
Homepage: http://curl.haxx.se

Links

Save this URL for the latest version of "libcurl3-gnutls": https://www.ubuntuupdates.org/libcurl3-gnutls


Download "libcurl3-gnutls"


Other versions of "libcurl3-gnutls" in Bionic

Repository Area Version
base main 7.58.0-2ubuntu3
updates main 7.58.0-2ubuntu3.8

Changelog

Version: 7.58.0-2ubuntu3.8 2019-09-11 08:06:53 UTC
No changelog available yet.
Source diff to previous version

Version: 7.58.0-2ubuntu3.7 2019-05-22 14:06:49 UTC

  curl (7.58.0-2ubuntu3.7) bionic-security; urgency=medium

  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

 -- Marc Deslauriers <email address hidden> Thu, 16 May 2019 08:40:17 -0400

Source diff to previous version
CVE-2019-5346 RESERVED

Version: 7.58.0-2ubuntu3.6 2019-02-06 17:06:47 UTC

  curl (7.58.0-2ubuntu3.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/vauth/ntlm.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/vauth/ntlm.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

 -- Marc Deslauriers <email address hidden> Tue, 29 Jan 2019 08:48:30 -0500

Source diff to previous version
CVE-2018-16890 curl: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read

Version: 7.58.0-2ubuntu3.5 2018-10-31 13:06:24 UTC

  curl (7.58.0-2ubuntu3.5) bionic-security; urgency=medium

  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Mon, 29 Oct 2018 08:10:57 -0400

Source diff to previous version
CVE-2018-16839 SASL password overflow via integer overflow

Version: 7.58.0-2ubuntu3.3 2018-09-17 08:06:37 UTC

  curl (7.58.0-2ubuntu3.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Sep 2018 13:06:47 -0300

CVE-2018-14618 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multipl



About   -   Send Feedback to @ubuntu_updates