Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:1805-1

Опубликовано: 23 мая 2022
Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

  • CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
  • CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest
libcurl4-7.60.0-11.40.2
Container suse/sles12sp5:latest
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-Basic-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-HPC-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-HPC-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-SAP-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-SAP-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-Standard-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-EC2-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-EC2-ECS-On-Demand
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-EC2-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-EC2-SAP-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-EC2-SAP-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-GCE-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-GCE-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-GCE-SAP-BYOS
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-GCE-SAP-On-Demand
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
SUSE Linux Enterprise Server 12 SP5
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
libcurl4-32bit-7.60.0-11.40.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
curl-7.60.0-11.40.2
libcurl4-7.60.0-11.40.2
libcurl4-32bit-7.60.0-11.40.2
SUSE Linux Enterprise Software Development Kit 12 SP5
libcurl-devel-7.60.0-11.40.2

Ссылки

Описание

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libcurl4-7.60.0-11.40.2
Container suse/sles12sp5:latest:libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-BYOS:curl-7.60.0-11.40.2
Image SLES12-SP5-Azure-BYOS:libcurl4-7.60.0-11.40.2
Ссылки

Описание

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libcurl4-7.60.0-11.40.2
Container suse/sles12sp5:latest:libcurl4-7.60.0-11.40.2
Image SLES12-SP5-Azure-BYOS:curl-7.60.0-11.40.2
Image SLES12-SP5-Azure-BYOS:libcurl4-7.60.0-11.40.2
Ссылки