SUSE-SU-2018:2423-1

Published: 17 Aug 2018
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

Security issue fixed:

  • CVE-2018-0500: Fix an SMTP send heap buffer overflow (bsc#1099793).

Package list

SUSE Linux Enterprise Module for Basesystem 15
curl-7.60.0-3.6.4
libcurl-devel-7.60.0-3.6.4
libcurl4-7.60.0-3.6.4
libcurl4-32bit-7.60.0-3.6.4

Description

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).


Affected products
SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.6.4
SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.6.4
SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.6.4
SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.6.4
