SUSE-SU-2020:3735-1

Опубликовано: 09 дек. 2020

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593).
CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398).

Список пакетов

Container bci/bci-init:15.3

libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:3.1

libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:5.0

libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:latest

libcurl4-7.66.0-4.11.1

Container bci/dotnet-runtime:3.1

libcurl4-7.66.0-4.11.1

Container bci/dotnet-runtime:5.0

libcurl4-7.66.0-4.11.1

Container bci/dotnet-runtime:latest

libcurl4-7.66.0-4.11.1

Container bci/dotnet-sdk:3.1

libcurl4-7.66.0-4.11.1

Container bci/dotnet-sdk:5.0

libcurl4-7.66.0-4.11.1

Container bci/dotnet-sdk:latest

libcurl4-7.66.0-4.11.1

Container bci/golang:1.16

libcurl4-7.66.0-4.11.1

Container bci/golang:1.17

libcurl4-7.66.0-4.11.1

Container bci/golang:latest

libcurl4-7.66.0-4.11.1

Container bci/node:12

libcurl4-7.66.0-4.11.1

Container bci/node:14

libcurl4-7.66.0-4.11.1

Container bci/nodejs:latest

libcurl4-7.66.0-4.11.1

Container bci/openjdk-devel:11

libcurl4-7.66.0-4.11.1

Container bci/openjdk:latest

libcurl4-7.66.0-4.11.1

Container bci/python:3

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container bci/ruby:latest

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/grafana:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/haproxy:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/keepalived:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/prometheus-alertmanager:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/prometheus-node-exporter:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/prometheus-server:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/cephcsi:latest

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

libcurl4-7.66.0-4.11.1

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

libcurl4-7.66.0-4.11.1

Container ses/7.1/rook/ceph:latest

libcurl4-7.66.0-4.11.1

Container ses/7/ceph/grafana:latest

libcurl4-7.66.0-4.11.1

Container ses/7/ceph/prometheus-alertmanager:latest

libcurl4-7.66.0-4.11.1

Container ses/7/ceph/prometheus-node-exporter:latest

libcurl4-7.66.0-4.11.1

Container ses/7/ceph/prometheus-server:latest

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/cephcsi:latest

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-attacher:v3.3.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-livenessprobe:v1.1.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-node-driver-registrar:v2.3.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-provisioner:v3.0.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-resizer:v1.3.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-snapshotter:v2.1.0

libcurl4-7.66.0-4.11.1

Container ses/7/cephcsi/csi-snapshotter:v4.2.0

libcurl4-7.66.0-4.11.1

Container ses/7/prometheus-webhook-snmp:latest

libcurl4-7.66.0-4.11.1

Container ses/7/rook/ceph:latest

libcurl4-7.66.0-4.11.1

Container suse/pcp:latest

libcurl4-7.66.0-4.11.1

Container suse/rmt-mariadb-client:latest

libcurl4-7.66.0-4.11.1

Container suse/rmt-mariadb:latest

libcurl4-7.66.0-4.11.1

Container suse/rmt-nginx:latest

libcurl4-7.66.0-4.11.1

Container suse/rmt-server:latest

libcurl4-7.66.0-4.11.1

Container suse/sle-micro-rancher/5.2:latest

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container suse/sle-micro/5.0/toolbox:latest

libcurl4-7.66.0-4.11.1

Container suse/sle-micro/5.1/toolbox:latest

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container suse/sle-micro/5.2/toolbox:latest

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container suse/sle15:15.2

libcurl4-7.66.0-4.11.1

Container suse/sle15:15.3

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.2/virt-api:0.38.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.2/virt-controller:0.38.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.2/virt-handler:0.38.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.2/virt-launcher:0.38.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.2/virt-operator:0.38.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-apiserver:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-cloner:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-controller:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-importer:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-operator:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-uploadproxy:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/cdi-uploadserver:1.37.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/libguestfs-tools:0.45.0

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/virt-api:0.45.0

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/virt-controller:0.45.0

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/virt-handler:0.45.0

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/virt-launcher:0.45.0

libcurl4-7.66.0-4.11.1

Container suse/sles/15.3/virt-operator:0.45.0

libcurl4-7.66.0-4.11.1

Container trento/trento-db:latest

libcurl4-7.66.0-4.11.1

Container trento/trento-runner:latest

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Azure-Basic

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Azure-Standard

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-CHOST-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-CHOST-BYOS-EC2

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-CHOST-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-EC2-ECS-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-HPC-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-HPC-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP2-SAP-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-CHOST-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-CHOST-BYOS-EC2

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-CHOST-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-EC2-ECS-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-EC2-HVM

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-HPC-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-HPC-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-HPC-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-Micro-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-Azure

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-BYOS-Azure

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-BYOS-GCE

curl-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

Image SLES15-SP3-SAP-EC2-HVM

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-SAP-GCE

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-SAPCAL-Azure

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-SAPCAL-EC2-HVM

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Image SLES15-SP3-SAPCAL-GCE

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

curl-7.66.0-4.11.1

libcurl-devel-7.66.0-4.11.1

libcurl4-7.66.0-4.11.1

libcurl4-32bit-7.66.0-4.11.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203735-1/
Link for SUSE-SU-2020:3735-1
https://lists.suse.com/pipermail/sle-security-updates/2020-December/007954.html
E-Mail link for SUSE-SU-2020:3735-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179398
SUSE Bug 1179398
https://bugzilla.suse.com/1179399
SUSE Bug 1179399
https://bugzilla.suse.com/1179593
SUSE Bug 1179593
https://www.suse.com/security/cve/CVE-2020-8284/
SUSE CVE CVE-2020-8284 page
https://www.suse.com/security/cve/CVE-2020-8285/
SUSE CVE CVE-2020-8285 page
https://www.suse.com/security/cve/CVE-2020-8286/
SUSE CVE CVE-2020-8286 page

Описание

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:3.1:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:5.0:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:latest:libcurl4-7.66.0-4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8284.html
CVE-2020-8284
https://bugzilla.suse.com/1179398
SUSE Bug 1179398
https://bugzilla.suse.com/1179399
SUSE Bug 1179399
https://bugzilla.suse.com/1186108
SUSE Bug 1186108

Описание

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:3.1:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:5.0:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:latest:libcurl4-7.66.0-4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8285.html
CVE-2020-8285
https://bugzilla.suse.com/1179399
SUSE Bug 1179399
https://bugzilla.suse.com/1186108
SUSE Bug 1186108

Описание

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:3.1:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:5.0:libcurl4-7.66.0-4.11.1

Container bci/dotnet-aspnet:latest:libcurl4-7.66.0-4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8286.html
CVE-2020-8286
https://bugzilla.suse.com/1179593
SUSE Bug 1179593
https://bugzilla.suse.com/1186108
SUSE Bug 1186108