Описание
Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow in tftp_receive_packet() (bsc#1135170).
Список пакетов
Container suse/sles12sp4:latest
libcurl4-7.60.0-4.6.1
SUSE Linux Enterprise Desktop 12 SP4
curl-7.60.0-4.6.1
libcurl4-7.60.0-4.6.1
libcurl4-32bit-7.60.0-4.6.1
SUSE Linux Enterprise Server 12 SP4
curl-7.60.0-4.6.1
libcurl4-7.60.0-4.6.1
libcurl4-32bit-7.60.0-4.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
curl-7.60.0-4.6.1
libcurl4-7.60.0-4.6.1
libcurl4-32bit-7.60.0-4.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libcurl-devel-7.60.0-4.6.1
Ссылки
- Link for SUSE-SU-2019:2009-1
- E-Mail link for SUSE-SU-2019:2009-1
- SUSE Security Ratings
- SUSE Bug 1135170
- SUSE CVE CVE-2019-5436 page
Описание
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Затронутые продукты
Container suse/sles12sp4:latest:libcurl4-7.60.0-4.6.1
SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.6.1
SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.6.1
SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.6.1
Ссылки
- CVE-2019-5436
- SUSE Bug 1135170
- SUSE Bug 1149496
- SUSE Bug 1154162
- SUSE Bug 1167096