Fedora 22: curl Security Update
Summary
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
Update Information:
- implement public key pinning for NSS backend (#1195771) - fix lingering HTTP credentials in connection re-use (CVE-2015-3236) - prevent SMB from sending off unrelated memory contents (CVE-2015-3237) - curl-config --libs now works on x86_64 without libcurl-devel.x86_64 (#1228363)
Change Log
* Wed Jun 17 2015 Kamil Dudka
References
[ 1 ] Bug #1233814 - CVE-2015-3237 curl: SMB send off unrelated memory contents https://bugzilla.redhat.com/show_bug.cgi?id=1233814 [ 2 ] Bug #1233816 - CVE-2015-3236 curl: lingering HTTP credentials in connection re-use https://bugzilla.redhat.com/show_bug.cgi?id=1233816
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at .