SUSE-SU-2019:1363-1

Опубликовано: 28 мая 2019

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

Security issue fixed:

CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

libcurl4-7.37.0-37.40.1

Container suse/sles12sp3:latest

libcurl4-7.37.0-37.40.1

SUSE Enterprise Storage 4

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Desktop 12 SP3

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server 12 SP1-LTSS

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server 12 SP2-BCL

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server 12 SP2-LTSS

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server 12 SP3

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server 12-LTSS

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

SUSE Linux Enterprise Software Development Kit 12 SP3

libcurl-devel-7.37.0-37.40.1

SUSE OpenStack Cloud 7

curl-7.37.0-37.40.1

libcurl4-7.37.0-37.40.1

libcurl4-32bit-7.37.0-37.40.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191363-1/
Link for SUSE-SU-2019:1363-1
https://lists.suse.com/pipermail/sle-security-updates/2019-May/005506.html
E-Mail link for SUSE-SU-2019:1363-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1135170
SUSE Bug 1135170
https://www.suse.com/security/cve/CVE-2019-5436/
SUSE CVE CVE-2019-5436 page

Описание

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libcurl4-7.37.0-37.40.1

Container suse/sles12sp3:latest:libcurl4-7.37.0-37.40.1

SUSE Enterprise Storage 4:curl-7.37.0-37.40.1

SUSE Enterprise Storage 4:libcurl4-32bit-7.37.0-37.40.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5436.html
CVE-2019-5436
https://bugzilla.suse.com/1135170
SUSE Bug 1135170
https://bugzilla.suse.com/1149496
SUSE Bug 1149496
https://bugzilla.suse.com/1154162
SUSE Bug 1154162
https://bugzilla.suse.com/1167096
SUSE Bug 1167096

SUSE-SU-2019:1363-1

Описание

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

Container suse/sles12sp3:latest

SUSE Enterprise Storage 4

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE OpenStack Cloud 7

Ссылки

Уязвимость: CVE-2019-5436

Описание

Затронутые продукты

Ссылки