Описание
Security update for curl
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2017-8816: Buffer overrun flaw in the NTLM authentication code (bsc#1069226).
- CVE-2017-8817: Read out of bounds flaw in the FTP wildcard function (bsc#1069222).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
curl-7.37.0-27.1
libcurl-devel-7.37.0-27.1
libcurl-devel-32bit-7.37.0-27.1
libcurl4-7.37.0-27.1
libcurl4-32bit-7.37.0-27.1
openSUSE Leap 42.3
curl-7.37.0-27.1
libcurl-devel-7.37.0-27.1
libcurl-devel-32bit-7.37.0-27.1
libcurl4-7.37.0-27.1
libcurl4-32bit-7.37.0-27.1
Ссылки
- E-Mail link for openSUSE-SU-2018:0161-1
- SUSE Security Ratings
Описание
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
Затронутые продукты
openSUSE Leap 42.2:curl-7.37.0-27.1
openSUSE Leap 42.2:libcurl-devel-32bit-7.37.0-27.1
openSUSE Leap 42.2:libcurl-devel-7.37.0-27.1
openSUSE Leap 42.2:libcurl4-32bit-7.37.0-27.1
Ссылки
- CVE-2017-8816
- SUSE Bug 1069226
- SUSE Bug 1106019
Описание
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
Затронутые продукты
openSUSE Leap 42.2:curl-7.37.0-27.1
openSUSE Leap 42.2:libcurl-devel-32bit-7.37.0-27.1
openSUSE Leap 42.2:libcurl-devel-7.37.0-27.1
openSUSE Leap 42.2:libcurl4-32bit-7.37.0-27.1
Ссылки
- CVE-2017-8817
- SUSE Bug 1069222