| Name: | curl |
|---|---|
| Version: | 7.61.1 |
| Release: | 12.el8 |
| Architecture: | aarch64 |
| Group: | Unspecified |
| Size: | 733734 |
| License: | MIT |
| RPM: | curl-7.61.1-12.el8.aarch64.rpm |
| Source RPM: | curl-7.61.1-12.el8.src.rpm |
| Build Date: | Fri Feb 21 2020 |
| Build Host: | ca-arm-jenkins-builder-01 |
| Vendor: | Oracle America |
| URL: | https://curl.haxx.se/ |
| Summary: | A utility for getting files from remote servers (FTP, HTTP, and others) |
| Description: | curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. |
- double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) - fix TFTP receive buffer overflow (CVE-2019-5436)
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823) - fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822) - fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890) - xattr: strip credentials from any URL that is stored (CVE-2018-20483)
- do not let libssh create a new socket for SCP/SFTP (#1669156)
- curl -J: do not append to the destination file (#1660827)
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
- SASL password overflow via integer overflow (CVE-2018-16839) - fix use-after-free in handle close (CVE-2018-16840) - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
- enable TLS 1.3 post-handshake auth in OpenSSL (#1636900)
- make the built-in manual compressed again (#1620217)
- update the documentation of --tlsv1.0 in curl(1) man page (#1620217)