Description
Security update for curl
This update for curl fixes the following issues:
- CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758)
- CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
Package list
SUSE Linux Enterprise Server 11 SP4
curl-7.37.0-70.38.1
libcurl4-7.37.0-70.38.1
libcurl4-32bit-7.37.0-70.38.1
libcurl4-x86-7.37.0-70.38.1
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.37.0-70.38.1
libcurl4-openssl1-7.37.0-70.38.1
libcurl4-openssl1-32bit-7.37.0-70.38.1
libcurl4-openssl1-x86-7.37.0-70.38.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
curl-7.37.0-70.38.1
libcurl4-7.37.0-70.38.1
libcurl4-32bit-7.37.0-70.38.1
libcurl4-x86-7.37.0-70.38.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libcurl-devel-7.37.0-70.38.1
References
- Link for SUSE-SU-2018:3681-1
- E-Mail link for SUSE-SU-2018:3681-1
- SUSE Security Ratings
- SUSE Bug 1112758
- SUSE Bug 1113660
- SUSE CVE CVE-2018-16840 page
- SUSE CVE CVE-2018-16842 page
Description
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then erroneously write to a field within that already freed struct.
Affected products
SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1
References
- CVE-2018-16840
- SUSE Bug 1112758
- SUSE Bug 1113029
- SUSE Bug 1122464
Description
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Affected products
SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1
SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1
References
- CVE-2018-16842
- SUSE Bug 1113660
- SUSE Bug 1122464