Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
Ссылки
- Link for SUSE-SU-2018:3624-1
- E-Mail link for SUSE-SU-2018:3624-1
- SUSE Security Ratings
- SUSE Bug 1112758
- SUSE Bug 1113660
- SUSE CVE CVE-2018-16839 page
- SUSE CVE CVE-2018-16840 page
- SUSE CVE CVE-2018-16842 page
Описание
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Затронутые продукты
Ссылки
- CVE-2018-16839
- SUSE Bug 1112758
- SUSE Bug 1113029
- SUSE Bug 1131886
Описание
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Затронутые продукты
Ссылки
- CVE-2018-16840
- SUSE Bug 1112758
- SUSE Bug 1113029
- SUSE Bug 1122464
Описание
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Затронутые продукты
Ссылки
- CVE-2018-16842
- SUSE Bug 1113660
- SUSE Bug 1122464