UbuntuUpdates.org

Package "curl"

Name: curl

Description:

command line tool for transferring data with URL syntax

Latest version: 7.47.0-1ubuntu2.19
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://curl.haxx.se

Links


Download "curl"


Other versions of "curl" in Xenial

Repository Area Version
base main 7.47.0-1ubuntu2
updates main 7.47.0-1ubuntu2.19

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 7.47.0-1ubuntu2.13 2019-05-22 22:06:21 UTC

  curl (7.47.0-1ubuntu2.13) xenial-security; urgency=medium

  * SECURITY UPDATE: TFTP receive buffer overflow
    - debian/patches/CVE-2019-5346.patch: use the current blksize in
      lib/tftp.c.
    - CVE-2019-5346

 -- Marc Deslauriers <email address hidden> Thu, 16 May 2019 08:41:16 -0400

Source diff to previous version
CVE-2019-5346 RESERVED

Version: 7.47.0-1ubuntu2.12 2019-02-06 16:08:03 UTC

  curl (7.47.0-1ubuntu2.12) xenial-security; urgency=medium

  * SECURITY UPDATE: NTLM type-2 out-of-bounds buffer read
    - debian/patches/CVE-2018-16890.patch: fix size check condition for
      type2 received data in lib/curl_ntlm_msgs.c.
    - CVE-2018-16890
  * SECURITY UPDATE: NTLMv2 type-3 header stack buffer overflow
    - debian/patches/CVE-2019-3822.patch: ix *_type3_message size check to
      avoid buffer overflow in lib/curl_ntlm_msgs.c.
    - CVE-2019-3822
  * SECURITY UPDATE: SMTP end-of-response out-of-bounds read
    - debian/patches/CVE-2019-3823.patch: avoid risk of buffer overflow in
      strtol in lib/smtp.c.
    - CVE-2019-3823

 -- Marc Deslauriers <email address hidden> Tue, 29 Jan 2019 08:58:54 -0500

Source diff to previous version
CVE-2018-16890 curl: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read

Version: 7.47.0-1ubuntu2.11 2018-10-31 13:06:22 UTC

  curl (7.47.0-1ubuntu2.11) xenial-security; urgency=medium

  * SECURITY UPDATE: SASL password overflow via integer overflow
    - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in
      lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check
      in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c.
    - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c.
    - CVE-2018-16839
  * SECURITY UPDATE: warning message out-of-buffer read
    - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Mon, 29 Oct 2018 08:13:39 -0400

Source diff to previous version
CVE-2018-16839 SASL password overflow via integer overflow

Version: 7.47.0-1ubuntu2.9 2018-09-17 08:06:35 UTC

  curl (7.47.0-1ubuntu2.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2018-14618.patch: fix in
      lib/curl_ntlm_core.c.
    - CVE-2018-14618

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 13 Sep 2018 09:13:35 -0300

Source diff to previous version
CVE-2018-14618 curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multipl

Version: 7.47.0-1ubuntu2.8 2018-05-16 16:07:06 UTC

  curl (7.47.0-1ubuntu2.8) xenial-security; urgency=medium

  * SECURITY UPDATE: RTSP bad headers buffer over-read
    - debian/patches/CVE-2018-1000301.patch: restore buffer pointer when
      bad response-line is parsed in lib/http.c.
    - CVE-2018-1000301

 -- Marc Deslauriers <email address hidden> Tue, 08 May 2018 13:52:59 -0400

CVE-2018-1000301 RTSP bad headers buffer over-read



About   -   Send Feedback to @ubuntu_updates