[ol8_baseos_latest] libcurl-7.61.1-18.el8_4.1.i686

Name:	libcurl
Version:	7.61.1
Release:	18.el8_4.1
Architecture:	i686
Group:	Unspecified
Size:	658448
License:	MIT
RPM:	libcurl-7.61.1-18.el8_4.1.i686.rpm
Source RPM:	curl-7.61.1-18.el8_4.1.src.rpm
Build Date:	Tue Sep 21 2021
Build Host:	host-100-100-224-35.blddevtest1iad.osdevelopmeniad.oraclevcn.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A library for getting files from web servers
Description:	libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.

Changelog (Show File list) (Show related packages)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18.el8_4.1

- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded

Thu Jan 28 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-18

- http: send payload when (proxy) authentication is done (#1918692)
- curl: Inferior OCSP verification (CVE-2020-8286)
- libcurl: FTP wildcard stack overflow (CVE-2020-8285)
- curl: trusting FTP PASV responses (CVE-2020-8284)

Thu Nov 12 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-17

- validate an ssl connection using an intermediate certificate (#1895355)

Fri Nov 06 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-16
```
- fix multiarch conflicts in libcurl-minimal (#1895391)
```

Tue Nov 03 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-15

- do not crash when HTTPS_PROXY and NO_PROXY are used together (#1873327)
- libcurl: wrong connect-only connection (CVE-2020-8231)

Tue Jul 28 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-14
```
- avoid overwriting a local file with -J (CVE-2020-8177)
```
Wed Jul 15 2020 Kamil Dudka <kdudka@redhat.com> - 7.61.1-13
```
- load built-in openssl engines (#1854369)
```

Wed Sep 11 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-12

- double free due to subsequent call of realloc() (CVE-2019-5481)
- fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)
- fix TFTP receive buffer overflow (CVE-2019-5436)

Mon May 13 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-11

- rebuild with updated annobin to prevent Execshield RPMDiff check from failing

Fri May 10 2019 Kamil Dudka <kdudka@redhat.com> - 7.61.1-10

- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823)
- fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
- fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890)
- xattr: strip credentials from any URL that is stored (CVE-2018-20483)