[ol8_u8_baseos_base] libcurl-7.61.1-30.el8.i686

Name:	libcurl
Version:	7.61.1
Release:	30.el8
Architecture:	i686
Group:	Unspecified
Size:	662624
License:	MIT
RPM:	libcurl-7.61.1-30.el8.i686.rpm
Source RPM:	curl-7.61.1-30.el8.src.rpm
Build Date:	Sat Apr 01 2023
Build Host:	build-ol8-i386.oracle.com
Vendor:	Oracle America
URL:	https://curl.haxx.se/
Summary:	A library for getting files from web servers
Description:	libcurl is a free and easy-to-use client-side URL transfer library, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos4), file transfer resume, http proxy tunneling and more.

Changelog (Show File list) (Show related packages)

Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-30

- fix HTTP multi-header compression denial of service (CVE-2023-23916)

Tue Feb 07 2023 Kamil Dudka <kdudka@redhat.com> - 7.61.1-29
```
- h2: lower initial window size to 32 MiB (#2166254)
```

Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-28

- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)

Fri Nov 18 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-27

- upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 (#2139337)

Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-26

- control code in cookie denial of service (CVE-2022-35252)

Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-25

- setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION (#2063703)
- fix HTTP compression denial of service (CVE-2022-32206)
- fix FTP-KRB bad message verification (CVE-2022-32208)

Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-24

- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix invalid type in printf() argument detected by Coverity

Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.61.1-23

- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Fri Sep 17 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-22

- fix STARTTLS protocol injection via MITM (CVE-2021-22947)
- fix protocol downgrade required TLS bypass (CVE-2021-22946)

Thu Aug 05 2021 Kamil Dudka <kdudka@redhat.com> - 7.61.1-21

- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix TELNET stack contents disclosure (CVE-2021-22898)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded