SUSE-SU-2022:1870-1

Опубликовано: 27 мая 2022

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

Список пакетов

Container bci/bci-init:15.3

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:3.1

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:5.0

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-runtime:3.1

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-runtime:5.0

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-runtime:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-sdk:3.1

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-sdk:5.0

libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-sdk:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/golang:1.16

libcurl4-7.66.0-150200.4.33.1

Container bci/golang:1.17

libcurl4-7.66.0-150200.4.33.1

Container bci/golang:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/node:12

libcurl4-7.66.0-150200.4.33.1

Container bci/node:14

libcurl4-7.66.0-150200.4.33.1

Container bci/nodejs:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/openjdk-devel:11

libcurl4-7.66.0-150200.4.33.1

Container bci/openjdk:latest

libcurl4-7.66.0-150200.4.33.1

Container bci/python:3

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container bci/ruby:latest

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/grafana:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/haproxy:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/keepalived:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/prometheus-alertmanager:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/prometheus-node-exporter:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/prometheus-server:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/cephcsi:latest

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

libcurl4-7.66.0-150200.4.33.1

Container ses/7.1/rook/ceph:latest

libcurl4-7.66.0-150200.4.33.1

Container suse/ltss/sle15.3/bci-base:latest

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container suse/pcp:latest

libcurl4-7.66.0-150200.4.33.1

Container suse/rmt-mariadb-client:latest

libcurl4-7.66.0-150200.4.33.1

Container suse/rmt-nginx:latest

libcurl4-7.66.0-150200.4.33.1

Container suse/sle-micro-rancher/5.2:latest

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container suse/sle-micro/5.1/toolbox:latest

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container suse/sle-micro/5.2/toolbox:latest

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container suse/sle15:15.2

libcurl4-7.66.0-150200.4.33.1

Container suse/sle15:15.3

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Container trento/trento-db:latest

libcurl4-7.66.0-150200.4.33.1

Container trento/trento-runner:latest

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-CHOST-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-CHOST-BYOS-EC2

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-CHOST-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-HPC-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP2-SAP-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-CHOST-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-CHOST-BYOS-EC2

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-CHOST-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-HPC-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-HPC-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAP-BYOS-Azure

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAP-BYOS-GCE

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

Image SLES15-SP3-SAPCAL-Azure

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

Image SLES15-SP3-SAPCAL-EC2-HVM

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

Image SLES15-SP3-SAPCAL-GCE

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Enterprise Storage 7

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise Micro 5.1

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

SUSE Linux Enterprise Micro 5.2

curl-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise Server 15 SP2-BCL

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise Server 15 SP2-LTSS

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Manager Proxy 4.1

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Manager Retail Branch Server 4.1

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

SUSE Manager Server 4.1

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

openSUSE Leap 15.3

curl-7.66.0-150200.4.33.1

libcurl-devel-7.66.0-150200.4.33.1

libcurl-devel-32bit-7.66.0-150200.4.33.1

libcurl4-7.66.0-150200.4.33.1

libcurl4-32bit-7.66.0-150200.4.33.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221870-1/
Link for SUSE-SU-2022:1870-1
https://lists.suse.com/pipermail/sle-security-updates/2022-May/011171.html
E-Mail link for SUSE-SU-2022:1870-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199223
SUSE Bug 1199223
https://bugzilla.suse.com/1199224
SUSE Bug 1199224
https://www.suse.com/security/cve/CVE-2022-27781/
SUSE CVE CVE-2022-27781 page
https://www.suse.com/security/cve/CVE-2022-27782/
SUSE CVE CVE-2022-27782 page

Описание

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:3.1:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:5.0:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:latest:libcurl4-7.66.0-150200.4.33.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-27781.html
CVE-2022-27781
https://bugzilla.suse.com/1199223
SUSE Bug 1199223

Описание

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:3.1:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:5.0:libcurl4-7.66.0-150200.4.33.1

Container bci/dotnet-aspnet:latest:libcurl4-7.66.0-150200.4.33.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-27782.html
CVE-2022-27782
https://bugzilla.suse.com/1199224
SUSE Bug 1199224
https://bugzilla.suse.com/1200694
SUSE Bug 1200694
https://bugzilla.suse.com/1203786
SUSE Bug 1203786
https://bugzilla.suse.com/1205070
SUSE Bug 1205070
https://bugzilla.suse.com/1209214
SUSE Bug 1209214