openSUSE-SU-2018:3706-1

Published: 09 Nov 2018
Source: suse-cvrf

Description

Security update for curl

This update for curl fixes the following issues:

  • CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
  • CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
  • CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
curl-7.60.0-lp150.2.15.1
curl-mini-7.60.0-lp150.2.15.1
libcurl-devel-7.60.0-lp150.2.15.1
libcurl-devel-32bit-7.60.0-lp150.2.15.1
libcurl-mini-devel-7.60.0-lp150.2.15.1
libcurl4-7.60.0-lp150.2.15.1
libcurl4-32bit-7.60.0-lp150.2.15.1
libcurl4-mini-7.60.0-lp150.2.15.1

Description

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.


Affected products
openSUSE Leap 15.0:curl-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:curl-mini-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.15.1

References

Description

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.


Affected products
openSUSE Leap 15.0:curl-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:curl-mini-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.15.1

References

Description

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.


Affected products
openSUSE Leap 15.0:curl-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:curl-mini-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.15.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.15.1

References
Vulnerability openSUSE-SU-2018:3706-1