Name: | libcurl |
---|---|
Version: | 7.61.1 |
Release: | 12.el8 |
Architecture: | x86_64 |
Group: | Unspecified |
Size: | 735032 |
License: | MIT |
RPM: | libcurl-7.61.1-12.el8.x86_64.rpm |
Source RPM: | curl-7.61.1-12.el8.src.rpm |
Build Date: | Sat Feb 15 2020 |
Build Host: | jenkins-10-147-72-125-edfe0f07-3a1d-48b4-98ff-dbe87689a92c.appad1iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | https://curl.haxx.se/ |
Summary: | A library for getting files from web servers |
Description: | libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more. |
- double free due to subsequent call of realloc() (CVE-2019-5481) - fix heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482) - fix TFTP receive buffer overflow (CVE-2019-5436)
- rebuild with updated annobin to prevent Execshield RPMDiff check from failing
- fix SMTP end-of-response out-of-bounds read (CVE-2019-3823) - fix NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822) - fix NTLM type-2 out-of-bounds buffer read (CVE-2018-16890) - xattr: strip credentials from any URL that is stored (CVE-2018-20483)
- do not let libssh create a new socket for SCP/SFTP (#1669156)
- curl -J: do not append to the destination file (#1660827)
- make the patch for CVE-2018-16842 apply properly (CVE-2018-16842)
- SASL password overflow via integer overflow (CVE-2018-16839) - fix use-after-free in handle close (CVE-2018-16840) - fix bad arethmetic when outputting warnings to stderr (CVE-2018-16842)
- enable TLS 1.3 post-handshake auth in OpenSSL (#1636900)
- make the built-in manual compressed again (#1620217)
- update the documentation of --tlsv1.0 in curl(1) man page (#1620217)