Name: | libcurl |
---|---|
Version: | 7.29.0 |
Release: | 59.0.3.el7_9.2 |
Architecture: | i686 |
Group: | Development/Libraries |
Size: | 433412 |
License: | MIT |
RPM: | libcurl-7.29.0-59.0.3.el7_9.2.i686.rpm |
Source RPM: | curl-7.29.0-59.0.3.el7_9.2.src.rpm |
Build Date: | Tue Dec 12 2023 |
Build Host: | build-ol7-i386.oracle.com |
Vendor: | Oracle America |
URL: | http://curl.haxx.se/ |
Summary: | A library for getting files from web servers |
Description: | libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more. |
- load CA certificates even with --insecure [Orabug: 32836997] - Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724] - Security Fixes [OraBug: 28939992] - CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html) - CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html) - CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html) - CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html) - CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html) - CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html) - CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html) - CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html) - CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html) - Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch
- fix HTTP proxy deny use after free (CVE-2022-43552) - rebuild certs with 2048-bit RSA keys
- avoid overwriting a local file with -J (CVE-2020-8177)
- http: free protocol-specific struct in setup_connection callback (#1836773)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
- allow curl to POST from a char device (#1769307)
- fix auth failure with duplicated WWW-Authenticate header (#1754736)
- fix TFTP receive buffer overflow (CVE-2019-5436)
- make `curl --tlsv1` backward compatible (#1672639)
- backport the --tls-max option of curl and TLS 1.3 ciphers (#1672639)