Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0370-1

Опубликовано: 05 фев. 2025
Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

  • CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
  • CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

Список пакетов

Container suse/ltss/sle15.4/bci-base:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/ltss/sle15.5/sle15:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/manager/4.3/proxy-httpd:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/manager/4.3/proxy-salt-broker:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro-rancher/5.3:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro-rancher/5.4:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/5.3/toolbox:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/5.4/toolbox:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/5.5/toolbox:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/5.5:latest
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/base-5.5:latest
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/kvm-5.5:latest
libcurl4-8.0.1-150400.5.62.1
Container suse/sle-micro/rt-5.5:latest
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Hardened-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Hardened-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-3
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-3-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-3-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-4
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-4-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-Micro-5-4-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-SAP-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-SAP-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-SAP-Hardened-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Azure-3P
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-CHOST-BYOS-Azure
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-CHOST-BYOS-EC2
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-CHOST-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-CHOST-BYOS-GDC
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Hardened-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Server-5-0
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Micro-5-5-BYOS
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-SAP-Azure-3P
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
Image SLES15-SP5-SAP-BYOS-GCE
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Linux Enterprise Installer Updates 15 SP4
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise Installer Updates 15 SP5
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise Micro 5.3
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise Micro 5.4
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise Micro 5.5
curl-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
SUSE Linux Enterprise Server 15 SP4-LTSS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Linux Enterprise Server 15 SP5-LTSS
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1
SUSE Manager Server 4.3
curl-8.0.1-150400.5.62.1
libcurl-devel-8.0.1-150400.5.62.1
libcurl4-8.0.1-150400.5.62.1
libcurl4-32bit-8.0.1-150400.5.62.1

Ссылки

Описание

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

Затронутые продукты
Container suse/ltss/sle15.4/bci-base:latest:curl-8.0.1-150400.5.62.1
Container suse/ltss/sle15.4/bci-base:latest:libcurl4-8.0.1-150400.5.62.1
Container suse/ltss/sle15.5/sle15:latest:curl-8.0.1-150400.5.62.1
Container suse/ltss/sle15.5/sle15:latest:libcurl4-8.0.1-150400.5.62.1
Ссылки

Описание

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

Затронутые продукты
Container suse/ltss/sle15.4/bci-base:latest:curl-8.0.1-150400.5.62.1
Container suse/ltss/sle15.4/bci-base:latest:libcurl4-8.0.1-150400.5.62.1
Container suse/ltss/sle15.5/sle15:latest:curl-8.0.1-150400.5.62.1
Container suse/ltss/sle15.5/sle15:latest:libcurl4-8.0.1-150400.5.62.1
Ссылки
Уязвимость SUSE-SU-2025:0370-1