UbuntuUpdates.org

Package "libcurl3"

Name: libcurl3

Description:

easy-to-use client-side URL transfer library (OpenSSL flavour)

Latest version: 7.52.1-4ubuntu1.4
Release: zesty (17.04)
Level: updates
Repository: main
Head package: curl
Homepage: http://curl.haxx.se

Links

Save this URL for the latest version of "libcurl3": https://www.ubuntuupdates.org/libcurl3


Other versions of "libcurl3" in Zesty

Repository  Area  Version
base        main  7.52.1-4ubuntu1
security    main  7.52.1-4ubuntu1.4

Changelog

Version: 7.52.1-4ubuntu1.4 2017-11-29 16:06:55 UTC

  curl (7.52.1-4ubuntu1.4) zesty-security; urgency=medium

  * SECURITY UPDATE: NTLM buffer overflow via integer overflow
    - debian/patches/CVE-2017-8816.patch: avoid integer overflow for malloc
      size in lib/curl_ntlm_core.c
    - CVE-2017-8816
  * SECURITY UPDATE: FTP wildcard out of bounds read
    - debian/patches/CVE-2017-8817.patch: fix heap buffer overflow in
      setcharset in lib/curl_fnmatch.c, added tests to
      tests/data/Makefile.inc, tests/data/test1163.
    - CVE-2017-8817

 -- Marc Deslauriers <email address hidden> Tue, 28 Nov 2017 08:02:21 -0500

CVE-2017-8816 NTLM buffer overflow via integer overflow
CVE-2017-8817 FTP wildcard out of bounds read

Version: 7.52.1-4ubuntu1.3 2017-10-23 14:06:49 UTC

  curl (7.52.1-4ubuntu1.3) zesty-security; urgency=medium

  * SECURITY UPDATE: IMAP FETCH response out of bounds read
    - debian/patches/CVE-2017-1000257.patch: check size in lib/imap.c.
    - CVE-2017-1000257

 -- Marc Deslauriers <email address hidden> Tue, 17 Oct 2017 13:52:20 -0400

CVE-2017-1000257 IMAP FETCH response out of bounds read

Version: 7.52.1-4ubuntu1.2 2017-10-10 18:06:54 UTC

  curl (7.52.1-4ubuntu1.2) zesty-security; urgency=medium

  * SECURITY UPDATE: TFTP sends more than buffer size
    - debian/patches/CVE-2017-1000100.patch: reject file name lengths that
      don't fit in lib/tftp.c.
    - CVE-2017-1000100
  * SECURITY UPDATE: URL globbing out of bounds read
    - debian/patches/CVE-2017-1000101.patch: do not continue parsing after
      a strtoul() overflow range in src/tool_urlglob.c, added test to
      tests/data/Makefile.inc, tests/data/test1289.
    - CVE-2017-1000101
  * SECURITY UPDATE: FTP PWD response parser out of bounds read
    - debian/patches/CVE-2017-1000254.patch: zero terminate the entry path
      even on bad input in lib/ftp.c, added test to
      tests/data/Makefile.inc, tests/data/test1152.
    - CVE-2017-1000254
  * SECURITY UPDATE: --write-out out of buffer read
    - debian/patches/CVE-2017-7407-2.patch: check for end of input in
      src/tool_writeout.c added test to tests/data/Makefile.inc,
      tests/data/test1442.
    - CVE-2017-7407

 -- Marc Deslauriers <email address hidden> Wed, 04 Oct 2017 08:38:54 -0400

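CVE-2017-1000100 TFTP sends more than buffer size
CVE-2017-1000101 URL globbing out of bounds read
CVE-2017-1000254 FTP PWD response parser out of bounds read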
CVE-2017-7407 The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process me

Version: 7.52.1-4ubuntu1.1 2017-04-21 00:07:17 UTC

  curl (7.52.1-4ubuntu1.1) zesty-security; urgency=medium

  * SECURITY UPDATE: TLS session resumption client cert bypass
    - debian/patches/CVE-2017-7468: Move the sessionid flag to
      ssl_primary_config so that ssl and proxy_ssl will each have
      their own sessionid flag.
    - CVE-2017-7468

 -- Steve Beattie <email address hidden> Mon, 17 Apr 2017 13:20:57 -0700



