Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
Список пакетов
Image SLES15-SP6-SAP-Azure-LI-BYOS
curl-8.14.1-150600.4.37.1
libcurl4-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
curl-8.14.1-150600.4.37.1
libcurl4-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
curl-8.14.1-150600.4.37.1
libcurl4-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
curl-8.14.1-150600.4.37.1
libcurl4-8.14.1-150600.4.37.1
openSUSE Leap 15.6
curl-8.14.1-150600.4.37.1
libcurl-devel-8.14.1-150600.4.37.1
libcurl-devel-32bit-8.14.1-150600.4.37.1
libcurl4-8.14.1-150600.4.37.1
libcurl4-32bit-8.14.1-150600.4.37.1
Ссылки
- Link for SUSE-SU-2026:0077-1
- E-Mail link for SUSE-SU-2026:0077-1
- SUSE Security Ratings
- SUSE Bug 1256105
- SUSE CVE CVE-2025-14017 page
Описание
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
Затронутые продукты
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:curl-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:libcurl4-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-LI-BYOS:curl-8.14.1-150600.4.37.1
Image SLES15-SP6-SAP-Azure-LI-BYOS:libcurl4-8.14.1-150600.4.37.1
Ссылки
- CVE-2025-14017
- SUSE Bug 1256105