Description
Security update for curl
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226).
- CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222).
Package list
SUSE Linux Enterprise Desktop 12 SP2
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP3
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Server 12 SP2
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Server 12 SP3
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
curl-7.37.0-37.11.3
libcurl4-7.37.0-37.11.3
libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Software Development Kit 12 SP2
libcurl-devel-7.37.0-37.11.3
SUSE Linux Enterprise Software Development Kit 12 SP3
libcurl-devel-7.37.0-37.11.3
References
- Link for SUSE-SU-2018:0122-1
- E-Mail link for SUSE-SU-2018:0122-1
- SUSE Security Ratings
- SUSE Bug 1069222
- SUSE Bug 1069226
- SUSE CVE CVE-2017-8816 page
- SUSE CVE CVE-2017-8817 page
Description
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:curl-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.11.3
References
- CVE-2017-8816
- SUSE Bug 1069226
- SUSE Bug 1106019
Description
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:curl-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-32bit-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-7.37.0-37.11.3
SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.11.3
References
- CVE-2017-8817
- SUSE Bug 1069222