Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
curl-7.37.0-42.1
libcurl-devel-7.37.0-42.1
libcurl-devel-32bit-7.37.0-42.1
libcurl4-7.37.0-42.1
libcurl4-32bit-7.37.0-42.1
Ссылки
- E-Mail link for openSUSE-SU-2018:3699-1
- SUSE Security Ratings
Описание
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Затронутые продукты
openSUSE Leap 42.3:curl-7.37.0-42.1
openSUSE Leap 42.3:libcurl-devel-32bit-7.37.0-42.1
openSUSE Leap 42.3:libcurl-devel-7.37.0-42.1
openSUSE Leap 42.3:libcurl4-32bit-7.37.0-42.1
Ссылки
- CVE-2018-16840
- SUSE Bug 1112758
- SUSE Bug 1113029
- SUSE Bug 1122464
Описание
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Затронутые продукты
openSUSE Leap 42.3:curl-7.37.0-42.1
openSUSE Leap 42.3:libcurl-devel-32bit-7.37.0-42.1
openSUSE Leap 42.3:libcurl-devel-7.37.0-42.1
openSUSE Leap 42.3:libcurl4-32bit-7.37.0-42.1
Ссылки
- CVE-2018-16842
- SUSE Bug 1113660
- SUSE Bug 1122464