Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
curl-7.37.0-70.47.1
libcurl-devel-7.37.0-70.47.1
libcurl4-7.37.0-70.47.1
SUSE Linux Enterprise Server 11 SP4-LTSS
curl-7.37.0-70.47.1
libcurl4-7.37.0-70.47.1
libcurl4-32bit-7.37.0-70.47.1
SUSE Linux Enterprise Server 11-SECURITY
curl-openssl1-7.37.0-70.47.1
libcurl4-openssl1-7.37.0-70.47.1
libcurl4-openssl1-32bit-7.37.0-70.47.1
libcurl4-openssl1-x86-7.37.0-70.47.1
Ссылки
- Link for SUSE-SU-2020:14409-1
- E-Mail link for SUSE-SU-2020:14409-1
- SUSE Security Ratings
- SUSE Bug 1173027
- SUSE CVE CVE-2020-8177 page
Описание
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:curl-7.37.0-70.47.1
SUSE Linux Enterprise Point of Sale 11 SP3:libcurl-devel-7.37.0-70.47.1
SUSE Linux Enterprise Point of Sale 11 SP3:libcurl4-7.37.0-70.47.1
SUSE Linux Enterprise Server 11 SP4-LTSS:curl-7.37.0-70.47.1
Ссылки
- CVE-2020-8177
- SUSE Bug 1173027
- SUSE Bug 1186108