Описание
Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).
Список пакетов
Container caasp/v4/389-ds:1.4.2
libcurl4-7.60.0-3.20.1
Container caasp/v4/busybox:1.34.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/caasp-dex:2.16.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/caaspctl-tooling:beta
libcurl4-7.60.0-3.20.1
Container caasp/v4/cert-exporter:2.3.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/cilium-etcd-operator:2.0.5
libcurl4-7.60.0-3.20.1
Container caasp/v4/cilium-init:1.5.3
libcurl4-7.60.0-3.20.1
Container caasp/v4/cilium-operator:1.6.6
libcurl4-7.60.0-3.20.1
Container caasp/v4/cilium:1.6.6
libcurl4-7.60.0-3.20.1
Container caasp/v4/cloud-provider-openstack:1.15.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/configmap-reload:0.3.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/coredns:1.6.7
libcurl4-7.60.0-3.20.1
Container caasp/v4/curl:7.60.0
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/etcd:3.4.13
libcurl4-7.60.0-3.20.1
Container caasp/v4/gangway:3.1.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/grafana:7.5.12
libcurl4-7.60.0-3.20.1
Container caasp/v4/helm-tiller:2.16.12
libcurl4-7.60.0-3.20.1
Container caasp/v4/hyperkube:v1.17.17
libcurl4-7.60.0-3.20.1
Container caasp/v4/k8s-sidecar:0.1.75
libcurl4-7.60.0-3.20.1
Container caasp/v4/kube-state-metrics:1.9.3
libcurl4-7.60.0-3.20.1
Container caasp/v4/kubernetes-client:1.17.17
libcurl4-7.60.0-3.20.1
Container caasp/v4/kucero:1.3.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/kured:1.3.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/metrics-server:0.3.6
libcurl4-7.60.0-3.20.1
Container caasp/v4/prometheus-alertmanager:0.16.2
libcurl4-7.60.0-3.20.1
Container caasp/v4/prometheus-node-exporter:1.1.2
libcurl4-7.60.0-3.20.1
Container caasp/v4/prometheus-pushgateway:0.6.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/prometheus-server:2.7.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/rsyslog:8.39.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/skuba-tooling:0.1.0
libcurl4-7.60.0-3.20.1
Container caasp/v4/test-update:beta
libcurl4-7.60.0-3.20.1
Container caasp/v4/velero-plugin-for-aws:1.0.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/velero-plugin-for-gcp:1.0.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/velero-restic-restore-helper:1.3.1
libcurl4-7.60.0-3.20.1
Container caasp/v4/velero:1.3.1
libcurl4-7.60.0-3.20.1
Container ses/6/cephcsi/cephcsi:latest
libcurl4-7.60.0-3.20.1
Container ses/6/rook/ceph:latest
libcurl4-7.60.0-3.20.1
Container suse/sle15:15.0
libcurl4-7.60.0-3.20.1
Container suse/sle15:15.1
libcurl4-7.60.0-3.20.1
Image SLES15-Azure-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-EC2-CHOST-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-EC2-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-GCE-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-OCI-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-Azure
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-Azure-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-Azure-LI-BYOS-Production
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-EC2-HVM
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-EC2-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-GCE
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-GCE-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SAP-OCI-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Azure-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Azure-HPC-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-CHOST-BYOS-Azure
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-CHOST-BYOS-EC2
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-CHOST-BYOS-GCE
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-EC2-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-GCE-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-OCI-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-Azure
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-Azure-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-EC2-HVM
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-GCE
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-GCE-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAP-OCI-BYOS
curl-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAPCAL-Azure
curl-7.60.0-3.20.1
libcurl-devel-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAPCAL-EC2-HVM
curl-7.60.0-3.20.1
libcurl-devel-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
Image SLES15-SP1-SAPCAL-GCE
curl-7.60.0-3.20.1
libcurl-devel-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
SUSE Linux Enterprise Module for Basesystem 15
curl-7.60.0-3.20.1
libcurl-devel-7.60.0-3.20.1
libcurl4-7.60.0-3.20.1
libcurl4-32bit-7.60.0-3.20.1
Ссылки
- Link for SUSE-SU-2019:1357-1
- E-Mail link for SUSE-SU-2019:1357-1
- SUSE Security Ratings
- SUSE Bug 1135170
- SUSE CVE CVE-2019-5436 page
Описание
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libcurl4-7.60.0-3.20.1
Container caasp/v4/busybox:1.34.1:libcurl4-7.60.0-3.20.1
Container caasp/v4/caasp-dex:2.16.0:libcurl4-7.60.0-3.20.1
Container caasp/v4/caaspctl-tooling:beta:libcurl4-7.60.0-3.20.1
Ссылки
- CVE-2019-5436
- SUSE Bug 1135170
- SUSE Bug 1149496
- SUSE Bug 1154162
- SUSE Bug 1167096