SUSE-SU-2018:1323-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2018/suse-su-20181323-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1323-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2018:1323-1

Related

Published

2018-05-16T19:52:18Z

Modified

2018-05-16T19:52:18Z

Summary

Security update for curl

Details

This update for curl fixes the following issues:

curl was updated to version 7.37.0 (fate#325339 bsc#1084137)

This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version.

This update is done to allow other third party software like 'R' to be able to be used on the SUSE Linux Enterprise 11 codebase.

Following security issues were fixed:

CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521).
CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524).
CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532).

The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list (bsc#1081056, bsc#1083463,bsc#1086825)

References

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl-devel": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11-SECURITY / curl-openssl1

Package

Name: curl-openssl1
Purl: purl:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011-SECURITY

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "libcurl4-openssl1-x86": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Point of Sale 11 SP3 / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-LTSS / curl-openssl1

Package

Name: curl-openssl1
Purl: purl:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP3-TERADATA / curl-openssl1

Package

Name: curl-openssl1
Purl: purl:rpm/suse/curl-openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "curl-openssl1": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4-openssl1-32bit": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1",
            "libcurl4-openssl1": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl4-x86": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / curl

Package

Name: curl
Purl: purl:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.37.0-70.27.1

Ecosystem specific

{
    "binaries": [
        {
            "libcurl4-x86": "7.37.0-70.27.1",
            "curl": "7.37.0-70.27.1",
            "libcurl4": "7.37.0-70.27.1",
            "libcurl4-32bit": "7.37.0-70.27.1"
        }
    ]
}