SUSE-SU-2020:1735-1

Опубликовано: 24 июн. 2020

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).

Список пакетов

Container suse/sles12sp4:latest

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-Azure-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-EC2-HVM-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-GCE-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-OCI-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-Azure

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-Azure-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-EC2-HVM

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-EC2-HVM-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-GCE

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-GCE-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

Image SLES12-SP4-SAP-OCI-BYOS

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

SUSE Linux Enterprise Server 12 SP4

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

libcurl4-32bit-7.60.0-4.15.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4

curl-7.60.0-4.15.2

libcurl4-7.60.0-4.15.2

libcurl4-32bit-7.60.0-4.15.2

SUSE Linux Enterprise Software Development Kit 12 SP4

libcurl-devel-7.60.0-4.15.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201735-1/
Link for SUSE-SU-2020:1735-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/007023.html
E-Mail link for SUSE-SU-2020:1735-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1173027
SUSE Bug 1173027
https://www.suse.com/security/cve/CVE-2020-8177/
SUSE CVE CVE-2020-8177 page

Описание

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Затронутые продукты

Container suse/sles12sp4:latest:libcurl4-7.60.0-4.15.2

Image SLES12-SP4-Azure-BYOS:curl-7.60.0-4.15.2

Image SLES12-SP4-Azure-BYOS:libcurl4-7.60.0-4.15.2

Image SLES12-SP4-EC2-HVM-BYOS:curl-7.60.0-4.15.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-8177.html
CVE-2020-8177
https://bugzilla.suse.com/1173027
SUSE Bug 1173027
https://bugzilla.suse.com/1186108
SUSE Bug 1186108

SUSE-SU-2020:1735-1

Описание

Список пакетов

Container suse/sles12sp4:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2020-8177

Описание

Затронутые продукты

Ссылки