Описание
Security update for curl
This update for curl fixes several issues:
Security issues fixed:
- CVE-2018-1000301: Fixed a RTSP bad headers buffer over-read could crash the curl client (bsc#1092098)
Non security issues fixed:
- If the DEFAULT_SUSE cipher list is not available use the HIGH cipher alias before failing. (bsc#1086825)
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
curl-7.37.0-37.23.1
libcurl4-7.37.0-37.23.1
libcurl4-32bit-7.37.0-37.23.1
Ссылки
- Link for SUSE-SU-2018:1327-2
- E-Mail link for SUSE-SU-2018:1327-2
- SUSE Security Ratings
- SUSE Bug 1086825
- SUSE Bug 1092098
- SUSE CVE CVE-2018-1000301 page
Описание
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:curl-7.37.0-37.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:libcurl4-32bit-7.37.0-37.23.1
SUSE Linux Enterprise Server 12 SP2-BCL:libcurl4-7.37.0-37.23.1
Ссылки
- CVE-2018-1000301
- SUSE Bug 1092098
- SUSE Bug 1122464