UbuntuUpdates.org

Package "curl"

Name: curl

Description:

command line tool for transferring data with URL syntax

Latest version: 7.68.0-1ubuntu2.22
Release: focal (20.04)
Level: security
Repository: main
Homepage: http://curl.haxx.se

Other versions of "curl" in Focal

Repository Area Version
base main 7.68.0-1ubuntu2
updates main 7.68.0-1ubuntu2.22

Changelog

Version: 7.68.0-1ubuntu2.16 2023-02-27 14:07:00 UTC

  curl (7.68.0-1ubuntu2.16) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP multi-header compression denial of service
    - debian/patches/CVE-2023-23916.patch: do not reset stage counter for
      each header in lib/content_encoding.c, lib/urldata.h,
      tests/data/Makefile.inc, tests/data/test418.
    - CVE-2023-23916

 -- Marc Deslauriers <email address hidden> Wed, 15 Feb 2023 08:31:00 -0500

CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, mea

Version: 7.68.0-1ubuntu2.15 2023-01-05 19:07:29 UTC

  curl (7.68.0-1ubuntu2.15) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP Proxy deny use-after-free
    - debian/patches/CVE-2022-43552.patch: do not free the protocol struct
      in *_done() in lib/smb.c, lib/telnet.c.
    - CVE-2022-43552

 -- Marc Deslauriers <email address hidden> Wed, 04 Jan 2023 12:03:45 -0500

CVE-2022-43552 HTTP Proxy deny use-after-free

Version: 7.68.0-1ubuntu2.14 2022-10-26 19:07:21 UTC

  curl (7.68.0-1ubuntu2.14) focal-security; urgency=medium

  * SECURITY UPDATE: POST following PUT confusion
    - debian/patches/CVE-2022-32221.patch: when POST is set, reset the
      'upload' field in lib/setopt.c.
    - CVE-2022-32221

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2022 12:44:11 -0400

CVE-2022-32221 POST following PUT confusion

Version: 7.68.0-1ubuntu2.13 2022-09-01 22:06:20 UTC

  curl (7.68.0-1ubuntu2.13) focal-security; urgency=medium

  * SECURITY UPDATE: when curl sends back cookies with control bytes a
    HTTP(S) server may return a 400 response
    - debian/patches/CVE-2022-35252.patch: adds invalid_octets function
      to lib/cookie.c to reject cookies with control bytes
    - CVE-2022-35252

 -- Mark Esler <email address hidden> Wed, 31 Aug 2022 14:18:34 -0500

Version: 7.68.0-1ubuntu2.12 2022-06-27 16:06:24 UTC

  curl (7.68.0-1ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP compression denial of service
    - debian/patches/CVE-2022-32206.patch: return error on too many
      compression steps in lib/content_encoding.c.
    - CVE-2022-32206
  * SECURITY UPDATE: FTP-KRB bad msg verification
    - debian/patches/CVE-2022-32208.patch: return error properly
      on decode errors in lib/krb5.c.
    - CVE-2022-32208

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 22 Jun 2022 11:49:28 -0300



