[ol8_baseos_latest] curl-7.61.1-18.el8_4.2.aarch64

Name:	curl
Version:	7.61.1
Release:	18.el8_4.2
Architecture:	aarch64
Group:	Unspecified
Size:	733653
License:	MIT
RPM:	curl-7.61.1-18.el8_4.2.aarch64.rpm
Source RPM:	curl-7.61.1-18.el8_4.2.src.rpm
Build Date:	Tue Nov 02 2021
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A utility for getting files from remote servers (FTP, HTTP, and others)
Description:	curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

Changelog (Show File list) (Show related packages)

Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.2

- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.1

- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded

Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18

- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)

Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17

- validate an ssl connection using an intermediate certificate (#1895355)

Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
```
- fix multiarch conflicts in libcurl-minimal (#1895391)
```

Tue Nov 03 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-15

- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
- libcurl: wrong connect-only connection (CVE-2020-8231)

Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14
```
- avoid overwriting a local file with -J (CVE-2020-8177)
```
Wed Jul 15 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-13
```
- load built-in openssl engines (#1854369)
```

Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-12

- double free due to subsequent call of realloc() (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
- fix TFTP receive buffer overflow (CVE-2019-5436)

Mon May 13 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-11

- rebuild with updated annobin to prevent Execshield RPMDiff check from failing