Описание
Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
curl-7.60.0-lp150.2.9.1
curl-mini-7.60.0-lp150.2.9.1
libcurl-devel-7.60.0-lp150.2.9.1
libcurl-devel-32bit-7.60.0-lp150.2.9.1
libcurl-mini-devel-7.60.0-lp150.2.9.1
libcurl4-7.60.0-lp150.2.9.1
libcurl4-32bit-7.60.0-lp150.2.9.1
libcurl4-mini-7.60.0-lp150.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2018:2431-1
- SUSE Security Ratings
Описание
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).
Затронутые продукты
openSUSE Leap 15.0:curl-7.60.0-lp150.2.9.1
openSUSE Leap 15.0:curl-mini-7.60.0-lp150.2.9.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.9.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.9.1
Ссылки
- CVE-2018-0500
- SUSE Bug 1099793