SUSE-SU-2018:1478-1

Published: May 30, 2018
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

  • CVE-2018-1000301: Fixed a buffer over-read caused by bad RTSP headers (bsc#1092098)

Package list

SUSE Linux Enterprise Server 11 SP4
curl-7.37.0-70.30.1
libcurl4-7.37.0-70.30.1
libcurl4-32bit-7.37.0-70.30.1
libcurl4-x86-7.37.0-70.30.1
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.37.0-70.30.1
libcurl4-openssl1-7.37.0-70.30.1
libcurl4-openssl1-32bit-7.37.0-70.30.1
libcurl4-openssl1-x86-7.37.0-70.30.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
curl-7.37.0-70.30.1
libcurl4-7.37.0-70.30.1
libcurl4-32bit-7.37.0-70.30.1
libcurl4-x86-7.37.0-70.30.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libcurl-devel-7.37.0-70.30.1

Description

curl versions 7.20.0 up to and including 7.59.0 contain a CWE-126 (Buffer Over-read) vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl >= 7.60.0; versions < 7.20.0 are outside the affected range.


Affected products
SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.30.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.30.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.30.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.30.1

References