SUSE-SU-2018:1323-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181323-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1323-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1323-1
Published
2018-05-16T19:52:18Z
Modified
2018-05-16T19:52:18Z
Summary
Security update for curl
Details

This update for curl fixes the following issues:

curl was updated to version 7.37.0 (fate#325339, bsc#1084137).

This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is fully binary compatible with the previous version.

This update allows third-party software such as 'R' to be used on the SUSE Linux Enterprise 11 codebase.

The following security issues were fixed:

  • CVE-2018-1000120: A buffer overflow in the FTP URL handling allowed an attacker to cause a denial of service or possibly execute code (bsc#1084521).
  • CVE-2018-1000121: A NULL pointer dereference in the LDAP code allowed an attacker to cause a denial of service (bsc#1084524).
  • CVE-2018-1000122: A buffer over-read in the RTSP+RTP handling code allowed an attacker to cause a denial of service or information leakage (bsc#1084532).

The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463, bsc#1086825).

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl-devel": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11-SECURITY / curl-openssl1

Package

Name
curl-openssl1
Purl
pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "libcurl4-openssl1-x86": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Point of Sale 11 SP3 / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / curl-openssl1

Package

Name
curl-openssl1
Purl
pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / curl-openssl1

Package

Name
curl-openssl1
Purl
pkg:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl4-x86": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / curl

Package

Name
curl
Purl
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl4-x86": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1"
        }
    ]
}