Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2446-1

Опубликовано: 02 сент. 2020
Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

  • An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231]

Список пакетов

Container caasp/v4/389-ds:1.4.2
libcurl4-7.60.0-3.32.1
Container caasp/v4/busybox:1.34.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/caasp-dex:2.16.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/cert-exporter:2.3.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/cilium-etcd-operator:2.0.5
libcurl4-7.60.0-3.32.1
Container caasp/v4/cilium-init:1.5.3
libcurl4-7.60.0-3.32.1
Container caasp/v4/cilium-operator:1.6.6
libcurl4-7.60.0-3.32.1
Container caasp/v4/cilium:1.6.6
libcurl4-7.60.0-3.32.1
Container caasp/v4/cloud-provider-openstack:1.15.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/configmap-reload:0.3.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/coredns:1.6.7
libcurl4-7.60.0-3.32.1
Container caasp/v4/curl:7.60.0
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/etcd:3.4.13
libcurl4-7.60.0-3.32.1
Container caasp/v4/gangway:3.1.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/grafana:7.5.12
libcurl4-7.60.0-3.32.1
Container caasp/v4/helm-tiller:2.16.12
libcurl4-7.60.0-3.32.1
Container caasp/v4/hyperkube:v1.17.17
libcurl4-7.60.0-3.32.1
Container caasp/v4/k8s-sidecar:0.1.75
libcurl4-7.60.0-3.32.1
Container caasp/v4/kube-state-metrics:1.9.3
libcurl4-7.60.0-3.32.1
Container caasp/v4/kubernetes-client:1.17.17
libcurl4-7.60.0-3.32.1
Container caasp/v4/kucero:1.3.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/kured:1.3.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/metrics-server:0.3.6
libcurl4-7.60.0-3.32.1
Container caasp/v4/prometheus-alertmanager:0.16.2
libcurl4-7.60.0-3.32.1
Container caasp/v4/prometheus-node-exporter:1.1.2
libcurl4-7.60.0-3.32.1
Container caasp/v4/prometheus-pushgateway:0.6.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/prometheus-server:2.7.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/rsyslog:8.39.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/skuba-tooling:0.1.0
libcurl4-7.60.0-3.32.1
Container caasp/v4/test-update:beta
libcurl4-7.60.0-3.32.1
Container caasp/v4/velero-plugin-for-aws:1.0.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/velero-plugin-for-gcp:1.0.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/velero-restic-restore-helper:1.3.1
libcurl4-7.60.0-3.32.1
Container caasp/v4/velero:1.3.1
libcurl4-7.60.0-3.32.1
Container ses/6/cephcsi/cephcsi:latest
libcurl4-7.60.0-3.32.1
Container ses/6/rook/ceph:latest
libcurl4-7.60.0-3.32.1
Container suse/sle15:15.0
libcurl4-7.60.0-3.32.1
Container suse/sle15:15.1
libcurl4-7.60.0-3.32.1
Image SLES15-Azure-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-EC2-CHOST-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-EC2-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-GCE-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-OCI-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-Azure
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-Azure-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-Azure-LI-BYOS-Production
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-EC2-HVM
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-EC2-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-GCE
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-GCE-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SAP-OCI-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Azure-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Azure-HPC-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-CAP-Deployment-BYOS-GCE
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-CHOST-BYOS-Azure
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-CHOST-BYOS-EC2
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-CHOST-BYOS-GCE
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-EC2-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-GCE-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-OCI-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-Azure
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-Azure-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-EC2-HVM
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-GCE
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-GCE-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAP-OCI-BYOS
curl-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAPCAL-Azure
curl-7.60.0-3.32.1
libcurl-devel-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAPCAL-EC2-HVM
curl-7.60.0-3.32.1
libcurl-devel-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
Image SLES15-SP1-SAPCAL-GCE
curl-7.60.0-3.32.1
libcurl-devel-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
curl-7.60.0-3.32.1
libcurl-devel-7.60.0-3.32.1
libcurl4-7.60.0-3.32.1
libcurl4-32bit-7.60.0-3.32.1

Ссылки

Описание

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Затронутые продукты
Container caasp/v4/389-ds:1.4.2:libcurl4-7.60.0-3.32.1
Container caasp/v4/busybox:1.34.1:libcurl4-7.60.0-3.32.1
Container caasp/v4/caasp-dex:2.16.0:libcurl4-7.60.0-3.32.1
Container caasp/v4/cert-exporter:2.3.0:libcurl4-7.60.0-3.32.1
Ссылки
Уязвимость SUSE-SU-2020:2446-1