Description
Security update for curl
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
Package list
Container bci/bci-init:15.3
libcurl4-7.66.0-150200.4.42.1
Container bci/node:12
libcurl4-7.66.0-150200.4.42.1
Container bci/python:3
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/grafana:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/haproxy:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/keepalived:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/prometheus-alertmanager:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/prometheus-node-exporter:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/prometheus-server:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/ceph/prometheus-snmp_notifier:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/cephcsi:latest
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/csi-attacher:v4.1.0
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/csi-node-driver-registrar:v2.7.0
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/csi-provisioner:v3.4.0
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/csi-resizer:v1.7.0
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/cephcsi/csi-snapshotter:v6.2.1
libcurl4-7.66.0-150200.4.42.1
Container ses/7.1/rook/ceph:latest
libcurl4-7.66.0-150200.4.42.1
Container suse/ltss/sle15.3/bci-base:latest
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container suse/sle-micro-rancher/5.2:latest
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container suse/sle-micro/5.1/toolbox:latest
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container suse/sle-micro/5.2/toolbox:latest
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container suse/sle15:15.2
libcurl4-7.66.0-150200.4.42.1
Container suse/sle15:15.3
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Container trento/trento-db:latest
libcurl4-7.66.0-150200.4.42.1
Container trento/trento-runner:latest
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-HPC-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP2-SAP-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-CHOST-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-CHOST-BYOS-EC2
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-CHOST-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-HPC-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-HPC-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAP-BYOS-Azure
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAP-BYOS-GCE
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
Image SLES15-SP3-SAPCAL-Azure
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
Image SLES15-SP3-SAPCAL-EC2-HVM
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
Image SLES15-SP3-SAPCAL-GCE
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Enterprise Storage 7
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise Micro 5.1
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
SUSE Linux Enterprise Micro 5.2
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise Server 15 SP2-BCL
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise Server 15 SP2-LTSS
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Manager Proxy 4.1
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Manager Retail Branch Server 4.1
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
SUSE Manager Server 4.1
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
openSUSE Leap 15.3
curl-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl-devel-32bit-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
openSUSE Leap Micro 5.2
curl-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
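To check a host or image against the fixed build listed above, the following added example (not part of the SUSE advisory) classifies the curl packages in an inventory taken with `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`. The status labels, the simplified version comparison and the sample inventory are assumptions made for illustration; only the package names and the fixed build 7.66.0-150200.4.42.1 come from this page.

```python
import re

# Fixed build and package names as listed in this advisory.
FIXED_VERSION, FIXED_RELEASE = "7.66.0", "150200.4.42.1"
PACKAGES = {"curl", "libcurl4", "libcurl4-32bit",
            "libcurl-devel", "libcurl-devel-32bit"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM version-string comparison (no '~' or '^' handling)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x[0].isdigit(), y[0].isdigit()
        if x_num != y_num:            # a numeric segment beats an alphabetic one
            return 1 if x_num else -1
        if x_num:                     # numeric segments compare as integers
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(inventory):
    """Map each curl package in the inventory to a status (hypothetical labels)."""
    results = {}
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in PACKAGES:
            continue
        name, evr = parts
        version, _, release = evr.partition("-")
        if rpmvercmp(version, FIXED_VERSION) != 0:
            # Different upstream version: this advisory's release number does
            # not apply, so consult the advisory for that product instead.
            results[name] = "other-codestream"
        elif rpmvercmp(release, FIXED_RELEASE) < 0:
            results[name] = "needs-update"
        else:
            results[name] = "fixed"
    return results

# Constructed sample inventory; release numbers other than the fixed one are made up.
SAMPLE = """\
curl 7.66.0-150200.4.42.1
libcurl4 7.66.0-150200.4.39.1
libcurl-devel 7.66.0-4.27.1
libcurl4-32bit 7.79.1-150400.5.6.1
bash 4.4-150000.9.17.1
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

A process that loaded libcurl before the update keeps the old library mapped until it is restarted, so a "fixed" result describes the installed package, not running services.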
References
- Link for SUSE-SU-2022:3773-1
- E-Mail link for SUSE-SU-2022:3773-1
- SUSE Security Ratings
- SUSE Bug 1204383
- SUSE CVE CVE-2022-32221 page
Description
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
Affected products
Container bci/bci-init:15.3:libcurl4-7.66.0-150200.4.42.1
Container bci/node:12:libcurl4-7.66.0-150200.4.42.1
Container bci/python:3:curl-7.66.0-150200.4.42.1
Container bci/python:3:libcurl4-7.66.0-150200.4.42.1
References
- CVE-2022-32221
- SUSE Bug 1204383
- SUSE Bug 1205287
- SUSE Bug 1205834
- SUSE Bug 1206236
- SUSE Bug 1208340
- SUSE Bug 1211233