Описание
Security update for curl
This update for curl fixes the following issues:
These security issues were fixed:
- CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
curl-7.19.7-1.69.1
libcurl4-7.19.7-1.69.1
libcurl4-32bit-7.19.7-1.69.1
libcurl4-x86-7.19.7-1.69.1
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.19.7-1.69.1
libcurl4-openssl1-7.19.7-1.69.1
libcurl4-openssl1-32bit-7.19.7-1.69.1
libcurl4-openssl1-x86-7.19.7-1.69.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
curl-7.19.7-1.69.1
libcurl4-7.19.7-1.69.1
libcurl4-32bit-7.19.7-1.69.1
libcurl4-x86-7.19.7-1.69.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libcurl-devel-7.19.7-1.69.1
Ссылки
- Link for SUSE-SU-2017:1043-1
- E-Mail link for SUSE-SU-2017:1043-1
- SUSE Security Ratings
- SUSE Bug 1015332
- SUSE Bug 1032309
- SUSE CVE CVE-2016-9586 page
- SUSE CVE CVE-2017-7407 page
Описание
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.69.1
Ссылки
- CVE-2016-9586
- SUSE Bug 1015332
Описание
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.69.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.69.1
Ссылки
- CVE-2017-7407
- SUSE Bug 1032309