UbuntuUpdates.org

Package "curl"

Name: curl

Description: command line tool for transferring data with URL syntax

Latest version: 7.58.0-2ubuntu3.5
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://curl.haxx.se

Links

Save this URL for the latest version of "curl": https://www.ubuntuupdates.org/curl



Other versions of "curl" in Bionic

Repository   Area   Version
base         main   7.58.0-2ubuntu3
security     main   7.58.0-2ubuntu3.5


Changelog

Version: 7.58.0-2ubuntu3.5 2018-10-31 14:06:59 UTC

  curl (7.58.0-2ubuntu3.5) bionic-security; urgency=medium

  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/vauth/cleartext.c.
    - debian/patches/CVE-2018-16839.patch: fix check in
      lib/vauth/cleartext.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Mon, 29 Oct 2018 08:10:57 -0400

CVE-2018-16839 SASL password overflow via integer overflow

Version: 7.58.0-2ubuntu3.3 2018-09-17 10:06:29 UTC

  curl (7.58.0-2ubuntu3.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Sep 2018 13:06:47 -0300

CVE-2018-14618 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multipl

Version: 7.58.0-2ubuntu3.2 2018-07-11 14:07:16 UTC

  curl (7.58.0-2ubuntu3.2) bionic-security; urgency=medium

  * SECURITY UPDATE: SMTP send heap buffer overflow
    - debian/patches/CVE-2018-0500.patch: use the upload buffer size for
      scratch buffer malloc in lib/smtp.c.
    - CVE-2018-0500

 -- Marc Deslauriers <email address hidden> Wed, 04 Jul 2018 10:18:17 -0400

CVE-2018-0500 SMTP send heap buffer overflow

Version: 7.58.0-2ubuntu3.1 2018-05-16 17:07:31 UTC

  curl (7.58.0-2ubuntu3.1) bionic-security; urgency=medium

  * SECURITY UPDATE: FTP shutdown response buffer overflow
    - debian/patches/CVE-2018-1000300.patch: check data size in
      lib/pingpong.c.
    - CVE-2018-1000303
  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

 -- Marc Deslauriers <email address hidden> Tue, 08 May 2018 13:47:34 -0400

CVE-2018-1000300 FTP shutdown response buffer overflow
CVE-2018-1000301 RTSP bad headers buffer over-read


