UbuntuUpdates.org

Package "libcurl4-openssl-dev"

Name: libcurl4-openssl-dev

Description:

development files and documentation for libcurl (OpenSSL flavour)

Latest version: 8.5.0-2ubuntu10.4
Release: noble (24.04)
Level: security
Repository: main
Head package: curl
Homepage: https://curl.se/


Other versions of "libcurl4-openssl-dev" in Noble

Repository  Area  Version
base        main  8.5.0-2ubuntu10
updates     main  8.5.0-2ubuntu10.4

Changelog

Version: 8.5.0-2ubuntu10.4 2024-09-16 15:07:09 UTC

  curl (8.5.0-2ubuntu10.4) noble-security; urgency=medium

  * SECURITY UPDATE: OCSP stapling bypass with GnuTLS
    - debian/patches/CVE-2024-8096.patch: fix OCSP stapling management in
      lib/vtls/gtls.c.
    - CVE-2024-8096

 -- Marc Deslauriers <email address hidden> Fri, 06 Sep 2024 07:27:11 -0400

CVE-2024-8096 When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is v

Version: 8.5.0-2ubuntu10.2 2024-08-05 14:07:13 UTC

  curl (8.5.0-2ubuntu10.2) noble-security; urgency=medium

  * SECURITY UPDATE: ASN.1 date parser overread
    - debian/patches/CVE-2024-7264-pre1.patch: clean up GTime2str in
      lib/vtls/x509asn1.c.
    - debian/patches/CVE-2024-7264.patch: unittests and fixes for gtime2str
      in lib/vtls/x509asn1.c, lib/vtls/x509asn1.h, tests/data/Makefile.inc,
      tests/data/test1656, tests/unit/Makefile.inc, tests/unit/unit1656.c.
    - CVE-2024-7264

 -- Marc Deslauriers <email address hidden> Thu, 01 Aug 2024 09:43:08 -0400

CVE-2024-7264 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect fiel

Version: 8.5.0-2ubuntu10.1 2024-04-29 13:07:04 UTC

  curl (8.5.0-2ubuntu10.1) noble-security; urgency=medium

  * SECURITY UPDATE: Usage of disabled protocol
    - debian/patches/CVE-2024-2004-pre1.patch: test1474: removed.
    - debian/patches/CVE-2024-2004.patch: fix disabling all protocols in
      lib/setopt.c, tests/data/Makefile.inc, tests/data/test1474.
    - CVE-2024-2004
  * SECURITY UPDATE: HTTP/2 push headers memory-leak
    - debian/patches/CVE-2024-2398.patch: push headers better cleanup in
      lib/http2.c.
    - CVE-2024-2398

 -- Marc Deslauriers <email address hidden> Mon, 22 Apr 2024 12:00:57 -0400

CVE-2024-2004 Usage of disabled protocol
CVE-2024-2398 HTTP/2 push headers memory-leak


