Description
Security update for curl
This update for curl fixes several issues:
Security issues fixed:
- CVE-2018-1000301: Fixed an RTSP bad-headers buffer over-read that could crash the curl client (bsc#1092098)
Non-security issues fixed:
- If the DEFAULT_SUSE cipher list is not available, use the HIGH cipher alias before failing. (bsc#1086825)
Package list
SUSE Enterprise Storage 4
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Desktop 12 SP3
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server 12 SP1-LTSS
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server 12 SP2-LTSS
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server 12 SP3
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server 12-LTSS
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libcurl-devel-7.37.0-37.23.1
SUSE OpenStack Cloud 7
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
References
- Link for SUSE-SU-2018:1327-1
- E-Mail link for SUSE-SU-2018:1327-1
- SUSE Security Ratings
- SUSE Bug 1086825
- SUSE Bug 1092098
- SUSE CVE CVE-2018-1000301 page
Description
curl versions 7.20.0 up to and including 7.59.0 contain a CWE-126 (Buffer Over-read) vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Affected products
SUSE Enterprise Storage 4:curl-7.37.0-37.23.1
SUSE Enterprise Storage 4:libcurl4-32bit-7.37.0-37.23.1
SUSE Enterprise Storage 4:libcurl4-7.37.0-37.23.1
SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.23.1
References
- CVE-2018-1000301
- SUSE Bug 1092098
- SUSE Bug 1122464