Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
curl-7.37.0-37.85.1
libcurl4-7.37.0-37.85.1
libcurl4-32bit-7.37.0-37.85.1
SUSE Linux Enterprise Server 12 SP3-BCL
curl-7.37.0-37.85.1
libcurl4-7.37.0-37.85.1
libcurl4-32bit-7.37.0-37.85.1
Ссылки
- Link for SUSE-SU-2022:3770-1
- E-Mail link for SUSE-SU-2022:3770-1
- SUSE Security Ratings
- SUSE Bug 1204383
- SUSE CVE CVE-2022-32221 page
Описание
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:curl-7.37.0-37.85.1
SUSE Linux Enterprise Server 12 SP2-BCL:libcurl4-32bit-7.37.0-37.85.1
SUSE Linux Enterprise Server 12 SP2-BCL:libcurl4-7.37.0-37.85.1
SUSE Linux Enterprise Server 12 SP3-BCL:curl-7.37.0-37.85.1
Ссылки
- CVE-2022-32221
- SUSE Bug 1204383
- SUSE Bug 1205287
- SUSE Bug 1205834
- SUSE Bug 1206236
- SUSE Bug 1208340
- SUSE Bug 1211233