Name: | curl |
---|---|
Version: | 7.29.0 |
Release: | 51.0.1.el7_6.3 |
Architecture: | x86_64 |
Group: | Applications/Internet |
Size: | 540317 |
License: | MIT |
RPM: | curl-7.29.0-51.0.1.el7_6.3.x86_64.rpm |
Source RPM: | curl-7.29.0-51.0.1.el7_6.3.src.rpm |
Build Date: | Tue Jul 30 2019 |
Build Host: | x86-ol7-builder-01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://curl.haxx.se/ |
Summary: | A utility for getting files from remote servers (FTP, HTTP, and others) |
Description: | curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. |
- Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- fix NTLM password overflow via integer overflow (CVE-2018-14618)
- prevent curl --rate-limit from crashing on https URLs (#1683292)
- prevent curl --rate-limit from hanging on file URLs (#1281969)
- require a new enough version of nss-pem to avoid regression in yum (#1610998)
- remove dead code, detected by Coverity Analysis - remove unused variable, detected by GCC and Clang
- make curl --speed-limit work with TFTP (#1584750)
- fix RTSP bad headers buffer over-read (CVE-2018-1000301) - fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120) - fix LDAP NULL pointer dereference (CVE-2018-1000121) - fix RTSP RTP buffer over-read (CVE-2018-1000122) - http: prevent custom Authorization headers in redirects (CVE-2018-1000007) - doc: --tlsauthtype works only if built with TLS-SRP support (#1542256) - update certificates in the test-suite because they expire soon (#1572723)
- make NSS deallocate PKCS #11 objects early enough (#1510247)
- reset authentication state when HTTP transfer is done (#1511523)