SUSE-SU-2024:4284-2

Published: 19 Dec 2024
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

  • CVE-2024-11053: Fixed a leak of the password used for the first host to the followed-to host under certain circumstances (bsc#1234068)

Package list

Container suse/ltss/sle12.5/sles12sp5:latest
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-HPC-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-HPC-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-SAP-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-SAP-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-Standard-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-EC2-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-EC2-ECS-On-Demand
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-EC2-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-EC2-SAP-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-EC2-SAP-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-GCE-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-GCE-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-GCE-SAP-BYOS
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-GCE-SAP-On-Demand
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
curl-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
curl-8.0.1-11.101.1
libcurl-devel-8.0.1-11.101.1
libcurl4-8.0.1-11.101.1
libcurl4-32bit-8.0.1-11.101.1

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.
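
The entry shape described above can be checked for in an existing netrc file. The following is an added example, not code from SUSE or the curl project: it lists `machine` entries that omit the password or both login and password. It assumes whitespace-separated tokens without quoted values, and the sample hosts and credentials are constructed placeholders.

```python
import os
import sys

# Constructed sample for illustration; hosts and credentials are placeholders.
SAMPLE = """\
machine a.example login alice password placeholder-secret
machine b.example login bob
machine c.example
default login anonymous password user@a.example
"""

def incomplete_entries(text):
    """Return [(machine, missing_fields)] for machine entries with no password."""
    tokens, in_macro = [], False
    for line in text.splitlines():
        words = line.split()
        if in_macro:                      # macdef body runs until a blank line
            in_macro = bool(words)
            continue
        if words and words[0].startswith("#"):
            continue                      # comment line
        if "macdef" in words:             # simplification: keyword position not checked
            words, in_macro = words[:words.index("macdef")], True
        tokens.extend(words)

    entries, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            current = {"machine": tokens[i + 1]}
            entries.append(current)
            i += 2
        elif tok == "default":            # the advisory text names host entries only
            current = {}                  # absorb its fields, do not report it
            i += 1
        elif tok in ("login", "password", "account") and current is not None and i + 1 < len(tokens):
            current[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return [(e["machine"], [f for f in ("login", "password") if f not in e])
            for e in entries if "password" not in e]

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.netrc")
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for machine, missing in incomplete_entries(text):
        print(f"{machine}: entry omits {' and '.join(missing)}")
```

Entries it reports are candidates for completing or removing on hosts that still run a curl build older than the fixed packages listed in this advisory.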


Affected products
Container suse/ltss/sle12.5/sles12sp5:latest:libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-BYOS:curl-8.0.1-11.101.1
Image SLES12-SP5-Azure-BYOS:libcurl4-8.0.1-11.101.1
Image SLES12-SP5-Azure-HPC-BYOS:curl-8.0.1-11.101.1

References