Description
Security update for curl
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
Package list
Container suse/sles12sp3:latest
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
References
- Link for SUSE-SU-2022:1733-1
- E-Mail link for SUSE-SU-2022:1733-1
- SUSE Security Ratings
- SUSE Bug 1199223
- SUSE Bug 1199224
- SUSE CVE CVE-2022-27781 page
- SUSE CVE CVE-2022-27782 page
Description
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Affected products
References
- CVE-2022-27781
- SUSE Bug 1199223
Description
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
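The following added example models the connection-pool match described above; it is not libcurl's code, and every struct, field and function name in it is hypothetical. It contrasts a match check that ignores TLS and SSH settings with one that includes them.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Simplified model, not libcurl's structures: every name here is hypothetical. */
struct conn_cfg {
    const char *host;
    int port;
    const char *tls_client_cert;  /* a TLS setting that must affect reuse */
    const char *ssh_known_hosts;  /* an SSH setting that must affect reuse */
};

/* NULL-safe string equality: two unset options count as equal. */
static int same(const char *a, const char *b) {
    if (!a || !b) return a == b;
    return strcmp(a, b) == 0;
}

/* Incomplete check: compares only the endpoint, modelling the flaw. */
int match_endpoint_only(const struct conn_cfg *c, const struct conn_cfg *want) {
    return same(c->host, want->host) && c->port == want->port;
}

/* Complete check: security-relevant settings are part of the match. */
int match_full(const struct conn_cfg *c, const struct conn_cfg *want) {
    return match_endpoint_only(c, want)
        && same(c->tls_client_cert, want->tls_client_cert)
        && same(c->ssh_known_hosts, want->ssh_known_hosts);
}

typedef int (*match_fn)(const struct conn_cfg *, const struct conn_cfg *);

/* Index of the first reusable pooled connection, or -1 to force a new one. */
int pool_find(const struct conn_cfg *pool, size_t n,
              const struct conn_cfg *want, match_fn match) {
    for (size_t i = 0; i < n; i++)
        if (match(&pool[i], want)) return (int)i;
    return -1;
}

/* Constructed sample: one pooled connection made with client cert "a.pem". */
static const struct conn_cfg POOL[] = { { "example.test", 443, "a.pem", NULL } };
static const struct conn_cfg WANT_OTHER_CERT = { "example.test", 443, "b.pem", NULL };
static const struct conn_cfg WANT_SAME = { "example.test", 443, "a.pem", NULL };

int main(void) {
    printf("endpoint-only: %d\n", pool_find(POOL, 1, &WANT_OTHER_CERT, match_endpoint_only));
    printf("full match:    %d\n", pool_find(POOL, 1, &WANT_OTHER_CERT, match_full));
    return 0;
}
```

With the endpoint-only check, a transfer that asks for a different client certificate is handed the pooled connection authenticated with the old one; the full check returns -1 and forces a new connection.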
Affected products
References
- CVE-2022-27782
- SUSE Bug 1199224
- SUSE Bug 1200694
- SUSE Bug 1203786
- SUSE Bug 1205070
- SUSE Bug 1209214