Описание
Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
curl-7.60.0-lp151.5.3.1
curl-mini-7.60.0-lp151.5.3.1
libcurl-devel-7.60.0-lp151.5.3.1
libcurl-devel-32bit-7.60.0-lp151.5.3.1
libcurl-mini-devel-7.60.0-lp151.5.3.1
libcurl4-7.60.0-lp151.5.3.1
libcurl4-32bit-7.60.0-lp151.5.3.1
libcurl4-mini-7.60.0-lp151.5.3.1
openSUSE Leap 15.1
curl-7.60.0-lp151.5.3.1
curl-mini-7.60.0-lp151.5.3.1
libcurl-devel-7.60.0-lp151.5.3.1
libcurl-devel-32bit-7.60.0-lp151.5.3.1
libcurl-mini-devel-7.60.0-lp151.5.3.1
libcurl4-7.60.0-lp151.5.3.1
libcurl4-32bit-7.60.0-lp151.5.3.1
libcurl4-mini-7.60.0-lp151.5.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1508-1
- SUSE Security Ratings
- SUSE Bug 1135170
- SUSE CVE CVE-2019-5436 page
Описание
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Затронутые продукты
openSUSE Leap 15.0:curl-7.60.0-lp151.5.3.1
openSUSE Leap 15.0:curl-mini-7.60.0-lp151.5.3.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp151.5.3.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp151.5.3.1
Ссылки
- CVE-2019-5436
- SUSE Bug 1135170
- SUSE Bug 1149496
- SUSE Bug 1154162
- SUSE Bug 1167096