SUSE-SU-2022:2327-1

Опубликовано: 07 июл. 2022

Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

Список пакетов

Container bci/bci-init:15.3

libcurl4-7.66.0-150200.4.36.1

Container bci/node:12

libcurl4-7.66.0-150200.4.36.1

Container bci/python:3

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/grafana:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/haproxy:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/keepalived:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/prometheus-alertmanager:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/prometheus-node-exporter:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/prometheus-server:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/ceph/prometheus-snmp_notifier:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/cephcsi:latest

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/csi-attacher:v4.1.0

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/csi-provisioner:v3.4.0

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/csi-resizer:v1.7.0

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1

libcurl4-7.66.0-150200.4.36.1

Container ses/7.1/rook/ceph:latest

libcurl4-7.66.0-150200.4.36.1

Container suse/ltss/sle15.3/bci-base:latest

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container suse/sle-micro-rancher/5.2:latest

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container suse/sle-micro/5.1/toolbox:latest

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container suse/sle-micro/5.2/toolbox:latest

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container suse/sle15:15.2

libcurl4-7.66.0-150200.4.36.1

Container suse/sle15:15.3

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Container trento/trento-db:latest

libcurl4-7.66.0-150200.4.36.1

Container trento/trento-runner:latest

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-CHOST-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-CHOST-BYOS-EC2

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-CHOST-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-HPC-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP2-SAP-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-CHOST-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-CHOST-BYOS-EC2

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-CHOST-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-HPC-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-HPC-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAP-BYOS-Azure

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAP-BYOS-GCE

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

Image SLES15-SP3-SAPCAL-Azure

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

Image SLES15-SP3-SAPCAL-EC2-HVM

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

Image SLES15-SP3-SAPCAL-GCE

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Enterprise Storage 7

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise Micro 5.1

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

SUSE Linux Enterprise Micro 5.2

curl-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise Server 15 SP2-BCL

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise Server 15 SP2-LTSS

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Manager Proxy 4.1

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Manager Retail Branch Server 4.1

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

SUSE Manager Server 4.1

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

openSUSE Leap 15.3

curl-7.66.0-150200.4.36.1

libcurl-devel-7.66.0-150200.4.36.1

libcurl-devel-32bit-7.66.0-150200.4.36.1

libcurl4-7.66.0-150200.4.36.1

libcurl4-32bit-7.66.0-150200.4.36.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222327-1/
Link for SUSE-SU-2022:2327-1
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011473.html
E-Mail link for SUSE-SU-2022:2327-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1200735
SUSE Bug 1200735
https://bugzilla.suse.com/1200737
SUSE Bug 1200737
https://www.suse.com/security/cve/CVE-2022-32206/
SUSE CVE CVE-2022-32206 page
https://www.suse.com/security/cve/CVE-2022-32208/
SUSE CVE CVE-2022-32208 page

Описание

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.36.1

Container bci/node:12:libcurl4-7.66.0-150200.4.36.1

Container bci/python:3:curl-7.66.0-150200.4.36.1

Container bci/python:3:libcurl4-7.66.0-150200.4.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32206.html
CVE-2022-32206
https://bugzilla.suse.com/1200735
SUSE Bug 1200735
https://bugzilla.suse.com/1207992
SUSE Bug 1207992

Описание

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.

Затронутые продукты

Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.36.1

Container bci/node:12:libcurl4-7.66.0-150200.4.36.1

Container bci/python:3:curl-7.66.0-150200.4.36.1

Container bci/python:3:libcurl4-7.66.0-150200.4.36.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32208.html
CVE-2022-32208
https://bugzilla.suse.com/1200737
SUSE Bug 1200737