
SUSE-SU-2025:0369-1

Published: 05 Feb 2025
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

  • CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
  • CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

Package list

Container bci/bci-sle15-kernel-module-devel:15.7
libcurl4-8.6.0-150600.4.21.1
Container bci/bci-sle15-kernel-module-devel:latest
libcurl4-8.6.0-150600.4.21.1
Container bci/gcc:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/golang:1.22-openssl
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/golang:1.23
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/golang:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/kiwi:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/node:22
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/nodejs:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/openjdk:17
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/openjdk:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/php-apache:latest
libcurl4-8.6.0-150600.4.21.1
Container bci/php-fpm:latest
libcurl4-8.6.0-150600.4.21.1
Container bci/php:latest
libcurl4-8.6.0-150600.4.21.1
Container bci/python:3
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/python:3.13
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/python:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/ruby:3
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/ruby:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/rust:1.84
libcurl4-8.6.0-150600.4.21.1
Container bci/rust:latest
libcurl4-8.6.0-150600.4.21.1
Container bci/spack:0.23
curl-8.6.0-150600.4.21.1
libcurl-devel-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container bci/spack:latest
curl-8.6.0-150600.4.21.1
libcurl-devel-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container containers/milvus:2.4
libcurl4-8.6.0-150600.4.21.1
Container containers/open-webui:0
libcurl4-8.6.0-150600.4.21.1
Container containers/python:3.11
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container containers/python:3.9
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container containers/pytorch:2-nvidia
libcurl4-8.6.0-150600.4.21.1
Container containers/pytorch:2.5.0
libcurl4-8.6.0-150600.4.21.1
Container suse/git:latest
libcurl4-8.6.0-150600.4.21.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/manager/5.0/x86_64/server:latest
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sle15:15.6
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sle15:15.7
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/cdi-cloner:1.58.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/cdi-importer:1.58.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/cdi-uploadserver:1.58.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/libguestfs-tools:1.4.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/virt-handler:1.4.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Container suse/sles/15.7/virt-launcher:1.4.0
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-BYOS
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-BYOS-GCE
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS-Azure
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS-EC2
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS-GCE
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS-GDC
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-GCE
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-Hardened-BYOS
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-Hardened-BYOS-GCE
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-SAP-BYOS
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-SAP-BYOS-EC2
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image SLES15-SP6-SAP-BYOS-GCE
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
Image ai_15_6
libcurl4-8.6.0-150600.4.21.1
Image python_15_6
curl-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
curl-8.6.0-150600.4.21.1
libcurl-devel-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
libcurl4-32bit-8.6.0-150600.4.21.1
openSUSE Leap 15.6
curl-8.6.0-150600.4.21.1
libcurl-devel-8.6.0-150600.4.21.1
libcurl-devel-32bit-8.6.0-150600.4.21.1
libcurl4-8.6.0-150600.4.21.1
libcurl4-32bit-8.6.0-150600.4.21.1

Description

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.


Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:libcurl4-8.6.0-150600.4.21.1
Container bci/bci-sle15-kernel-module-devel:latest:libcurl4-8.6.0-150600.4.21.1
Container bci/gcc:latest:curl-8.6.0-150600.4.21.1
Container bci/gcc:latest:libcurl4-8.6.0-150600.4.21.1

References

Description

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.


Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:libcurl4-8.6.0-150600.4.21.1
Container bci/bci-sle15-kernel-module-devel:latest:libcurl4-8.6.0-150600.4.21.1
Container bci/gcc:latest:curl-8.6.0-150600.4.21.1
Container bci/gcc:latest:libcurl4-8.6.0-150600.4.21.1

References
Vulnerability SUSE-SU-2025:0369-1