Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
curl-7.60.0-lp151.5.12.1
curl-mini-7.60.0-lp151.5.12.1
libcurl-devel-7.60.0-lp151.5.12.1
libcurl-devel-32bit-7.60.0-lp151.5.12.1
libcurl-mini-devel-7.60.0-lp151.5.12.1
libcurl4-7.60.0-lp151.5.12.1
libcurl4-32bit-7.60.0-lp151.5.12.1
libcurl4-mini-7.60.0-lp151.5.12.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0908-1
- SUSE Security Ratings
- SUSE Bug 1173027
- SUSE CVE CVE-2020-8177 page
Описание
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
Затронутые продукты
openSUSE Leap 15.1:curl-7.60.0-lp151.5.12.1
openSUSE Leap 15.1:curl-mini-7.60.0-lp151.5.12.1
openSUSE Leap 15.1:libcurl-devel-32bit-7.60.0-lp151.5.12.1
openSUSE Leap 15.1:libcurl-devel-7.60.0-lp151.5.12.1
Ссылки
- CVE-2020-8177
- SUSE Bug 1173027
- SUSE Bug 1186108