Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).
- CVE-2020-8169: Fixed an issue where could have led to partial password leak
over DNS on HTTP redirect (bsc#1173026).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Список пакетов
openSUSE Leap 15.2
curl-7.66.0-lp152.3.3.1
curl-mini-7.66.0-lp152.3.3.1
libcurl-devel-7.66.0-lp152.3.3.1
libcurl-devel-32bit-7.66.0-lp152.3.3.1
libcurl-mini-devel-7.66.0-lp152.3.3.1
libcurl4-7.66.0-lp152.3.3.1
libcurl4-32bit-7.66.0-lp152.3.3.1
libcurl4-mini-7.66.0-lp152.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0883-1
- SUSE Security Ratings
- SUSE Bug 1173026
- SUSE Bug 1173027
- SUSE CVE CVE-2020-8169 page
- SUSE CVE CVE-2020-8177 page
Описание
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
Затронутые продукты
openSUSE Leap 15.2:curl-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:curl-mini-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:libcurl-devel-32bit-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:libcurl-devel-7.66.0-lp152.3.3.1
Ссылки
- CVE-2020-8169
- SUSE Bug 1173026
- SUSE Bug 1186108
Описание
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Затронутые продукты
openSUSE Leap 15.2:curl-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:curl-mini-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:libcurl-devel-32bit-7.66.0-lp152.3.3.1
openSUSE Leap 15.2:libcurl-devel-7.66.0-lp152.3.3.1
Ссылки
- CVE-2020-8177
- SUSE Bug 1173027
- SUSE Bug 1186108