SUSE-SU-2019:2009-1

Опубликовано: 29 июл. 2019

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

Security issue fixed:

CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170).

Список пакетов

Container suse/sles12sp4:latest

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-Azure-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-EC2-HVM-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-GCE-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-OCI-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-Azure

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-Azure-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-EC2-HVM

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-GCE

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-GCE-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

Image SLES12-SP4-SAP-OCI-BYOS

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

SUSE Linux Enterprise Desktop 12 SP4

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

libcurl4-32bit-7.60.0-4.6.1

SUSE Linux Enterprise Server 12 SP4

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

libcurl4-32bit-7.60.0-4.6.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

curl-7.60.0-4.6.1

libcurl4-7.60.0-4.6.1

libcurl4-32bit-7.60.0-4.6.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libcurl-devel-7.60.0-4.6.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192009-1/
Link for SUSE-SU-2019:2009-1
https://www.suse.com/support/update/announcement/2019/suse-su-20192009-1.html
E-Mail link for SUSE-SU-2019:2009-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1135170
SUSE Bug 1135170
https://www.suse.com/security/cve/CVE-2019-5436/
SUSE CVE CVE-2019-5436 page

Описание

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Затронутые продукты

Container suse/sles12sp4:latest:libcurl4-7.60.0-4.6.1

Image SLES12-SP4-Azure-BYOS:curl-7.60.0-4.6.1

Image SLES12-SP4-Azure-BYOS:libcurl4-7.60.0-4.6.1

Image SLES12-SP4-EC2-HVM-BYOS:curl-7.60.0-4.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-5436.html
CVE-2019-5436
https://bugzilla.suse.com/1135170
SUSE Bug 1135170
https://bugzilla.suse.com/1149496
SUSE Bug 1149496
https://bugzilla.suse.com/1154162
SUSE Bug 1154162
https://bugzilla.suse.com/1167096
SUSE Bug 1167096

SUSE-SU-2019:2009-1

Описание

Список пакетов

Container suse/sles12sp4:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2019-5436

Описание

Затронутые продукты

Ссылки