Описание
Security update for curl
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
-
Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
- tool_getparam: fix --ftp-pasv [5f805ee]
-
Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
- TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
- websocket: add option to disable auto-pong reply.
- huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
Список пакетов
Container suse/manager/4.3/proxy-httpd:latest
Container suse/manager/4.3/proxy-salt-broker:latest
Container suse/sle-micro-rancher/5.3:latest
Container suse/sle-micro-rancher/5.4:latest
Container suse/sle-micro/5.5:latest
Container suse/sle-micro/base-5.5:latest
Container suse/sle-micro/kvm-5.5:latest
Container suse/sle-micro/rt-5.5:latest
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Installer Updates 15 SP4
SUSE Linux Enterprise Installer Updates 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Manager Proxy LTS 4.3
SUSE Manager Server LTS 4.3
Ссылки
- Link for SUSE-SU-2025:03267-1
- E-Mail link for SUSE-SU-2025:03267-1
- SUSE Security Ratings
- SUSE Bug 1246197
- SUSE Bug 1249191
- SUSE Bug 1249348
- SUSE Bug 1249367
- SUSE CVE CVE-2025-10148 page
- SUSE CVE CVE-2025-9086 page
Описание
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
Затронутые продукты
Ссылки
- CVE-2025-10148
- SUSE Bug 1249348
Описание
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
Затронутые продукты
Ссылки
- CVE-2025-9086
- SUSE Bug 1249191