Описание
Security update for curl
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495).
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
curl-7.60.0-lp150.2.25.1
libcurl-devel-7.60.0-lp150.2.25.1
libcurl-devel-32bit-7.60.0-lp150.2.25.1
libcurl4-7.60.0-lp150.2.25.1
libcurl4-32bit-7.60.0-lp150.2.25.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2169-1
- SUSE Security Ratings
- SUSE Bug 1149495
- SUSE Bug 1149496
- SUSE CVE CVE-2019-5481 page
- SUSE CVE CVE-2019-5482 page
Описание
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Затронутые продукты
openSUSE Leap 15.0:curl-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl4-32bit-7.60.0-lp150.2.25.1
Ссылки
- CVE-2019-5481
- SUSE Bug 1149495
Описание
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Затронутые продукты
openSUSE Leap 15.0:curl-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl-devel-32bit-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl-devel-7.60.0-lp150.2.25.1
openSUSE Leap 15.0:libcurl4-32bit-7.60.0-lp150.2.25.1
Ссылки
- CVE-2019-5482
- SUSE Bug 1149496
- SUSE Bug 1156634