Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libcurl4-7.60.0-11.49.1
Container suse/sles12sp5:latest
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-Basic-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-HPC-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-HPC-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-SAP-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-SAP-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-Standard-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-EC2-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-EC2-ECS-On-Demand
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-EC2-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-EC2-SAP-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-EC2-SAP-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-GCE-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-GCE-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-GCE-SAP-BYOS
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-GCE-SAP-On-Demand
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
SUSE Linux Enterprise Server 12 SP5
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
libcurl4-32bit-7.60.0-11.49.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
curl-7.60.0-11.49.1
libcurl4-7.60.0-11.49.1
libcurl4-32bit-7.60.0-11.49.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libcurl-devel-7.60.0-11.49.1
Ссылки
- Link for SUSE-SU-2022:3769-1
- E-Mail link for SUSE-SU-2022:3769-1
- SUSE Security Ratings
- SUSE Bug 1204383
- SUSE CVE CVE-2022-32221 page
Описание
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libcurl4-7.60.0-11.49.1
Container suse/sles12sp5:latest:libcurl4-7.60.0-11.49.1
Image SLES12-SP5-Azure-BYOS:curl-7.60.0-11.49.1
Image SLES12-SP5-Azure-BYOS:libcurl4-7.60.0-11.49.1
Ссылки
- CVE-2022-32221
- SUSE Bug 1204383
- SUSE Bug 1205287
- SUSE Bug 1205834
- SUSE Bug 1206236
- SUSE Bug 1208340
- SUSE Bug 1211233