SUSE-SU-2020:1732-1

Опубликовано: 24 июн. 2020

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

libcurl4-7.37.0-37.47.1

Container suse/sles12sp3:latest

libcurl4-7.37.0-37.47.1

HPE Helion OpenStack 8

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Enterprise Storage 5

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server 12 SP2-BCL

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server 12 SP2-LTSS

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server 12 SP3-BCL

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server 12 SP3-LTSS

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE OpenStack Cloud 7

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE OpenStack Cloud 8

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

SUSE OpenStack Cloud Crowbar 8

curl-7.37.0-37.47.1

libcurl4-7.37.0-37.47.1

libcurl4-32bit-7.37.0-37.47.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201732-1/
Link for SUSE-SU-2020:1732-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/007017.html
E-Mail link for SUSE-SU-2020:1732-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173027
SUSE Bug 1173027
https://www.suse.com/security/cve/CVE-2020-8177/
SUSE CVE CVE-2020-8177 page

Описание

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libcurl4-7.37.0-37.47.1

Container suse/sles12sp3:latest:libcurl4-7.37.0-37.47.1

HPE Helion OpenStack 8:curl-7.37.0-37.47.1

HPE Helion OpenStack 8:libcurl4-32bit-7.37.0-37.47.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8177.html
CVE-2020-8177
https://bugzilla.suse.com/1173027
SUSE Bug 1173027
https://bugzilla.suse.com/1186108
SUSE Bug 1186108

SUSE-SU-2020:1732-1

Описание

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

Container suse/sles12sp3:latest

HPE Helion OpenStack 8

SUSE Enterprise Storage 5

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2020-8177

Описание

Затронутые продукты

Ссылки