Описание
Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
curl-7.37.0-70.41.2
libcurl-devel-7.37.0-70.41.2
libcurl4-7.37.0-70.41.2
SUSE Linux Enterprise Server 11 SP4-LTSS
curl-7.37.0-70.41.2
libcurl4-7.37.0-70.41.2
libcurl4-32bit-7.37.0-70.41.2
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.37.0-70.41.2
libcurl4-openssl1-7.37.0-70.41.2
libcurl4-openssl1-32bit-7.37.0-70.41.2
libcurl4-openssl1-x86-7.37.0-70.41.2
Ссылки
- Link for SUSE-SU-2019:14064-1
- E-Mail link for SUSE-SU-2019:14064-1
- SUSE Security Ratings
- SUSE Bug 1135170
- SUSE CVE CVE-2019-5436 page
Описание
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:curl-7.37.0-70.41.2
SUSE Linux Enterprise Point of Sale 11 SP3:libcurl-devel-7.37.0-70.41.2
SUSE Linux Enterprise Point of Sale 11 SP3:libcurl4-7.37.0-70.41.2
SUSE Linux Enterprise Server 11 SP4-LTSS:curl-7.37.0-70.41.2
Ссылки
- CVE-2019-5436
- SUSE Bug 1135170
- SUSE Bug 1149496
- SUSE Bug 1154162
- SUSE Bug 1167096