Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).
Список пакетов
Container bci/bci-init:15.3
libcurl4-7.66.0-150200.4.39.1
Container bci/node:12
libcurl4-7.66.0-150200.4.39.1
Container bci/python:3
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/grafana:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/haproxy:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/keepalived:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/prometheus-alertmanager:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/prometheus-node-exporter:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/prometheus-server:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/ceph/prometheus-snmp_notifier:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/cephcsi:latest
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/csi-attacher:v4.1.0
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/csi-provisioner:v3.4.0
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/csi-resizer:v1.7.0
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1
libcurl4-7.66.0-150200.4.39.1
Container ses/7.1/rook/ceph:latest
libcurl4-7.66.0-150200.4.39.1
Container suse/ltss/sle15.3/bci-base:latest
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container suse/sle-micro-rancher/5.2:latest
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container suse/sle-micro/5.1/toolbox:latest
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container suse/sle-micro/5.2/toolbox:latest
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container suse/sle15:15.2
libcurl4-7.66.0-150200.4.39.1
Container suse/sle15:15.3
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Container trento/trento-db:latest
libcurl4-7.66.0-150200.4.39.1
Container trento/trento-runner:latest
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-HPC-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP2-SAP-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-CHOST-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-CHOST-BYOS-EC2
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-CHOST-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-HPC-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-HPC-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAP-BYOS-Azure
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAP-BYOS-GCE
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Image SLES15-SP3-SAPCAL-Azure
curl-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
Image SLES15-SP3-SAPCAL-EC2-HVM
curl-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
Image SLES15-SP3-SAPCAL-GCE
curl-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
SUSE Linux Enterprise Micro 5.1
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
SUSE Linux Enterprise Micro 5.2
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
curl-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
openSUSE Leap 15.3
curl-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl-devel-32bit-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
openSUSE Leap Micro 5.2
curl-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
Ссылки
- Link for SUSE-SU-2022:3004-1
- E-Mail link for SUSE-SU-2022:3004-1
- SUSE Security Ratings
- SUSE Bug 1202593
- SUSE CVE CVE-2022-35252 page
Описание
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Затронутые продукты
Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.39.1
Container bci/node:12:libcurl4-7.66.0-150200.4.39.1
Container bci/python:3:curl-7.66.0-150200.4.39.1
Container bci/python:3:libcurl4-7.66.0-150200.4.39.1
Ссылки
- CVE-2022-35252
- SUSE Bug 1202593