exploitDog

SUSE-SU-2025:03268-1

Published: 18 Sep 2025
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

Security issues fixed:

  • CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
  • CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).

Other issues fixed:

  • Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
    • tool_getparam: fix --ftp-pasv [5f805ee]
  • Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
    • TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
    • websocket: add option to disable auto-pong reply.
    • huge number of bugfixes.

    Please see https://curl.se/ch/ for full changelogs.

Package list

Container bci/php-apache:latest
libbrotlienc1-1.0.7-150200.3.5.1
Container private-registry/harbor-nginx:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container private-registry/harbor-portal:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container private-registry/harbor-trivy-adapter:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/git:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/kiosk/firefox-esr:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/kiosk/pulseaudio:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/kiosk/xorg-client:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/kiosk/xorg:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/manager/4.3/proxy-httpd:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
Container suse/manager/4.3/proxy-salt-broker:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro-rancher/5.2:latest
curl-8.14.1-150200.4.91.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libcurl4-8.14.1-150200.4.91.1
Container suse/sle-micro-rancher/5.3:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro-rancher/5.4:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro/5.5:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro/base-5.5:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro/kvm-5.5:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Container suse/sle-micro/rt-5.5:latest
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAP
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAP-GCE
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAP-Hardened
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAP-Hardened-GCE
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAPCAL
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
Image SLES15-SP6-SAPCAL-GCE
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Enterprise Storage 7.1
curl-8.14.1-150200.4.91.1
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
libcurl-devel-8.14.1-150200.4.91.1
libcurl4-8.14.1-150200.4.91.1
libcurl4-32bit-8.14.1-150200.4.91.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
curl-8.14.1-150200.4.91.1
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
libcurl-devel-8.14.1-150200.4.91.1
libcurl4-8.14.1-150200.4.91.1
libcurl4-32bit-8.14.1-150200.4.91.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Micro 5.1
curl-8.14.1-150200.4.91.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libcurl4-8.14.1-150200.4.91.1
SUSE Linux Enterprise Micro 5.2
curl-8.14.1-150200.4.91.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libcurl4-8.14.1-150200.4.91.1
SUSE Linux Enterprise Micro 5.3
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Micro 5.4
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Micro 5.5
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Server 15 SP3-LTSS
curl-8.14.1-150200.4.91.1
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
libcurl-devel-8.14.1-150200.4.91.1
libcurl4-8.14.1-150200.4.91.1
libcurl4-32bit-8.14.1-150200.4.91.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
curl-8.14.1-150200.4.91.1
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
libcurl-devel-8.14.1-150200.4.91.1
libcurl4-8.14.1-150200.4.91.1
libcurl4-32bit-8.14.1-150200.4.91.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Manager Proxy LTS 4.3
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
SUSE Manager Server LTS 4.3
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
openSUSE Leap 15.6
brotli-1.0.7-150200.3.5.1
libbrotli-devel-1.0.7-150200.3.5.1
libbrotlicommon1-1.0.7-150200.3.5.1
libbrotlicommon1-32bit-1.0.7-150200.3.5.1
libbrotlidec1-1.0.7-150200.3.5.1
libbrotlidec1-32bit-1.0.7-150200.3.5.1
libbrotlienc1-1.0.7-150200.3.5.1
libbrotlienc1-32bit-1.0.7-150200.3.5.1

Description (CVE-2025-10148)

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
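The defect above is observable from the wire: every client-to-server WebSocket frame carries its 4-byte masking key in clear, so a capture of one connection shows immediately whether the client rotates the key per frame or keeps one key for the whole session. The following added example (not code from the advisory or from the curl project) is a small RFC 6455 frame builder and parser plus an audit that counts masking-key reuse across a client stream. The sample payloads, the fixed key `0x12345678` and the two constructed streams are made up for the demonstration; `secrets.token_bytes` stands in for whatever CSPRNG a real client uses.

```python
import secrets
import struct
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample payloads for the demonstration (not taken from the advisory).
SAMPLE_PAYLOADS: Tuple[bytes, ...] = (b"GET /index.html HTTP/1.1\r\n", b"hello", b"\x00" * 130)


def build_client_frame(payload: bytes, mask: Optional[bytes] = None, opcode: int = 0x1) -> bytes:
    """Build one FIN client->server frame (RFC 6455 section 5.2).

    A compliant client draws a fresh, unpredictable 4-byte masking key for every
    frame. `mask` is accepted only so the demo can reproduce the fixed-key
    behaviour the advisory describes."""
    if mask is None:
        mask = secrets.token_bytes(4)
    if len(mask) != 4:
        raise ValueError("masking key must be exactly 4 bytes")
    header = bytes([0x80 | (opcode & 0x0F)])  # FIN=1, RSV=000, opcode
    n = len(payload)
    if n < 126:
        header += bytes([0x80 | n])  # MASK=1, 7-bit payload length
    elif n < 0x10000:
        header += bytes([0x80 | 126]) + struct.pack("!H", n)
    else:
        header += bytes([0x80 | 127]) + struct.pack("!Q", n)
    masked = bytes(b ^ mask[i % 4] for i, b in enumerate(payload))
    return header + mask + masked


def parse_client_frames(stream: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Split a client->server byte stream into (opcode, masking_key, payload).

    Unmasked client frames are rejected, as a server must do (section 5.1)."""
    frames = []
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 2:
            raise ValueError("truncated frame header")
        b0, b1 = stream[pos], stream[pos + 1]
        pos += 2
        opcode = b0 & 0x0F
        if not b1 & 0x80:
            raise ValueError("client frame without MASK bit")
        n = b1 & 0x7F
        ext = 2 if n == 126 else 8 if n == 127 else 0
        if ext:
            if len(stream) - pos < ext:
                raise ValueError("truncated extended length")
            (n,) = struct.unpack("!H" if ext == 2 else "!Q", stream[pos:pos + ext])
            pos += ext
        mask = stream[pos:pos + 4]
        pos += 4
        body = stream[pos:pos + n]
        pos += n
        if len(mask) != 4 or len(body) != n:
            raise ValueError("truncated frame")
        payload = bytes(b ^ mask[i % 4] for i, b in enumerate(body))
        frames.append((opcode, mask, payload))
    return frames


def audit_mask_reuse(stream: bytes) -> Dict[str, object]:
    """Report masking keys that appear on more than one frame of the stream.

    Any reuse is a finding: the key is meant to change per frame, and a key that
    never changes is what makes the on-the-wire bytes predictable."""
    frames = parse_client_frames(stream)
    counts = Counter(mask for _, mask, _ in frames)
    return {
        "frames": len(frames),
        "distinct_masks": len(counts),
        "reused": {mask: c for mask, c in counts.items() if c > 1},
    }


# Constructed streams: one from a client that never rotates its key, one from a
# client that draws a fresh key per frame.
FIXED_MASK = b"\x12\x34\x56\x78"
FIXED_MASK_STREAM = b"".join(build_client_frame(p, mask=FIXED_MASK) for p in SAMPLE_PAYLOADS)
FRESH_MASK_STREAM = b"".join(build_client_frame(p) for p in SAMPLE_PAYLOADS)

if __name__ == "__main__":
    print("fixed-key client:", audit_mask_reuse(FIXED_MASK_STREAM))
    print("fresh-key client:", audit_mask_reuse(FRESH_MASK_STREAM))
```

Run against a real capture, `audit_mask_reuse` on the client half of a connection gives a quick answer to "is this client vulnerable to CVE-2025-10148-style behaviour" without needing the client's source; a non-empty `reused` map on a stream of more than one frame is the indicator.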


Affected products
Container bci/php-apache:latest:libbrotlienc1-1.0.7-150200.3.5.1
Container private-registry/harbor-nginx:latest:libbrotlicommon1-1.0.7-150200.3.5.1
Container private-registry/harbor-nginx:latest:libbrotlidec1-1.0.7-150200.3.5.1
Container private-registry/harbor-portal:latest:libbrotlicommon1-1.0.7-150200.3.5.1

References

Description (CVE-2025-9086)

1. A cookie is set using the `secure` keyword for `https://target`
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set - but with just a slash as path (`path='/'`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary

The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
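The "correct behavior" the description asks for is the "Leave Secure Cookies Alone" rule of RFC 6265bis: a cookie arriving over a clear-text scheme is ignored when the store already holds a Secure cookie of the same name whose domain and path overlap it. The following added example (not curl's cookie engine, and not code from the advisory) is a minimal cookie jar that applies that rule with bounds-checked string comparison, then replays the four steps above. The hostname `target` and the cookie values are placeholders, and the example assumes the original Secure cookie was stored with path `/` so that the clear-text cookie's path path-matches it.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    secure: bool


def domain_matches(string: str, domain_string: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match."""
    s, d = string.lower(), domain_string.lower()
    if s == d:
        return True
    is_ip = all(part.isdigit() for part in s.split("."))
    return s.endswith(d) and s[-len(d) - 1] == "." and not is_ip


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match. Python indexing is bounds-checked, so a
    one-character cookie path such as "/" cannot make the comparison read past
    the end of either string."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


class CookieJar:
    """Minimal cookie store applying the "Leave Secure Cookies Alone" rule of
    RFC 6265bis: a cookie received over clear-text HTTP must not displace a
    Secure cookie of the same name."""

    def __init__(self) -> None:
        self._cookies: List[Cookie] = []

    def set_cookie(self, request_url: str, cookie: Cookie) -> bool:
        """Store `cookie` received in a response to `request_url`.
        Returns False when the cookie is ignored."""
        request_secure = urlsplit(request_url).scheme.lower() in ("https", "wss")
        if cookie.secure and not request_secure:
            return False  # the Secure attribute is only honoured over a secure scheme
        if not request_secure:
            for old in self._cookies:
                if (old.name == cookie.name and old.secure
                        and (domain_matches(cookie.domain, old.domain)
                             or domain_matches(old.domain, cookie.domain))
                        and path_matches(cookie.path, old.path)):
                    return False  # clear-text override of a Secure cookie: ignored
        self._cookies = [c for c in self._cookies
                         if (c.name, c.domain, c.path) != (cookie.name, cookie.domain, cookie.path)]
        self._cookies.append(cookie)
        return True

    def value_of(self, name: str, domain: str, path: str) -> Optional[str]:
        for c in self._cookies:
            if (c.name, c.domain, c.path) == (name, domain, path):
                return c.value
        return None


def run_scenario() -> Dict[str, object]:
    """Replay the advisory's scenario. Hostname and values are constructed placeholders."""
    jar = CookieJar()
    r1 = jar.set_cookie("https://target/", Cookie("session", "s3cr3t", "target", "/", secure=True))
    # Step 3: same name, path '/', arriving over clear-text HTTP -> must be ignored.
    r2 = jar.set_cookie("http://target/", Cookie("session", "overwrite-attempt", "target", "/", secure=False))
    # An unrelated non-Secure cookie over HTTP is still fine.
    r3 = jar.set_cookie("http://target/", Cookie("theme", "dark", "target", "/", secure=False))
    # Rotating the Secure cookie from the secure origin is allowed.
    r4 = jar.set_cookie("https://target/", Cookie("session", "rotated", "target", "/", secure=True))
    return {
        "secure_set": r1,
        "clear_text_override_accepted": r2,
        "unrelated_clear_text_cookie_accepted": r3,
        "secure_rotation_accepted": r4,
        "session_value": jar.value_of("session", "target", "/"),
    }


if __name__ == "__main__":
    for key, val in run_scenario().items():
        print(f"{key}: {val}")
```

The point of the replay is the second result: with the rule applied, the clear-text `session` cookie is dropped and the Secure value survives, which is the outcome the advisory says curl should have reached regardless of what happened to sit in memory after the one-byte path allocation.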


Affected products
Container bci/php-apache:latest:libbrotlienc1-1.0.7-150200.3.5.1
Container private-registry/harbor-nginx:latest:libbrotlicommon1-1.0.7-150200.3.5.1
Container private-registry/harbor-nginx:latest:libbrotlidec1-1.0.7-150200.3.5.1
Container private-registry/harbor-portal:latest:libbrotlicommon1-1.0.7-150200.3.5.1

References
Vulnerability SUSE-SU-2025:03268-1