UbuntuUpdates.org

Package "curl"

Name: curl

Description:

command line tool for transferring data with URL syntax

Latest version: 7.47.0-1ubuntu2.11
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://curl.haxx.se

Links

Save this URL for the latest version of "curl": https://www.ubuntuupdates.org/curl


Download "curl"


Other versions of "curl" in Xenial

Repository Area Version
base main 7.47.0-1ubuntu2
security main 7.47.0-1ubuntu2.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.47.0-1ubuntu2.11 2018-10-31 14:06:57 UTC

  curl (7.47.0-1ubuntu2.11) xenial-security; urgency=medium

  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Mon, 29 Oct 2018 08:13:39 -0400

Source diff to previous version
CVE-2018-16839 SASL password overflow via integer overflow

Version: 7.47.0-1ubuntu2.9 2018-09-17 10:06:24 UTC

  curl (7.47.0-1ubuntu2.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Sep 2018 09:13:35 -0300

Source diff to previous version
CVE-2018-14618 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multipl

Version: 7.47.0-1ubuntu2.8 2018-05-16 17:07:27 UTC

  curl (7.47.0-1ubuntu2.8) xenial-security; urgency=medium

  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

 -- Marc Deslauriers <email address hidden> Tue, 08 May 2018 13:52:59 -0400

Source diff to previous version
CVE-2018-1000301 RTSP bad headers buffer over-read

Version: 7.47.0-1ubuntu2.7 2018-03-15 15:06:27 UTC

  curl (7.47.0-1ubuntu2.7) xenial-security; urgency=medium

  * SECURITY UPDATE: FTP path trickery leads to NIL byte OOB write
    - debian/patches/CVE-2018-1000120-pre1.patch: avoid using
      curl_easy_unescape() internally in lib/ftp.c.
    - debian/patches/CVE-2018-1000120-pre2.patch: URL decode path for dir
      listing in nocwd mode in lib/ftp.c, add test to tests/*.
    - debian/patches/CVE-2018-1000120-pre3.patch: remove dead code in
      ftp_done in lib/ftp.c.
    - debian/patches/CVE-2018-1000120-pre4.patch: don't clobber the passed
      in error code in lib/ftp.c.
    - debian/patches/CVE-2018-1000120.patch: reject path components with
      control codes in lib/ftp.c, add test to tests/*.
    - CVE-2018-1000120
  * SECURITY UPDATE: LDAP NULL pointer dereference
    - debian/patches/CVE-2018-1000121.patch: check ldap_get_attribute_ber()
      results for NULL before using in lib/openldap.c.
    - CVE-2018-1000121
  * SECURITY UPDATE: RTSP RTP buffer over-read
    - debian/patches/CVE-2018-1000122.patch: make sure excess reads don't
      go beyond buffer end in lib/transfer.c.
    - CVE-2018-1000122

 -- Marc Deslauriers <email address hidden> Wed, 14 Mar 2018 09:04:46 -0400

Source diff to previous version

Version: 7.47.0-1ubuntu2.6 2018-02-01 01:06:36 UTC

  curl (7.47.0-1ubuntu2.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in code handling HTTP/2
    - debian/patches/CVE-2018-1000005.patch: fix incorrect
      trailer buffer size in lib/http2.c.
    - CVE-2018-1000005
  * SECURITY UPDATE: leak authentication data
    - debian/patches/CVE-2018-1000007.patch: prevent custom
      authorization headers in redirects in lib/http.c,
      lib/url.c, lib/urldata.h, tests/data/Makefile.in,
      tests/data/test317, tests/data/test318.
    - CVE-2018-1000007

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 29 Jan 2018 16:06:08 -0300




About   -   Send Feedback to @ubuntu_updates