oval:org.secpod.oval:def:89045313
This update for curl fixes the following issues:
- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer
The following non-security bugs were fixed:
- bsc#926511: ...

oval:org.secpod.oval:def:89045192
This update for curl fixes the following issues:
- CVE-2016-5419: TLS session resumption client cert bypass
- CVE-2016-5420: Re-using connections with wrong client cert
- CVE-2016-7141: Fixed incorrect reuse of client certificates.

oval:org.secpod.oval:def:89045139
This update for curl fixes the following security issues:
- CVE-2016-8624: invalid URL parsing with "#"
- CVE-2016-8623: Use-after-free via shared cookies
- CVE-2016-8621: curl_getdate read out of bounds
- CVE-2016-8619: double-free in krb5 code
- CVE-2016-8618: double-free in curl_maprintf
- C ...

oval:org.secpod.oval:def:89044807
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2017-1000254: FTP PWD response parser out of bounds read
- CVE-2017-1000257: IMAP FETCH response out of bounds read
Bugs fixed:
- Fixed error error:1408F10B:SSL routines when connecting to ftps via proxy

oval:org.secpod.oval:def:89003109
libcurl4 is installed

oval:org.secpod.oval:def:89044812
This update for curl fixes the following issues:
- CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service
- CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service

oval:org.secpod.oval:def:89044855
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2016-9586: libcurl printf floating point buffer overflow
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process m ...

oval:org.secpod.oval:def:89044650
This update for curl fixes the following issues:
- CVE-2017-1000100: TFTP sends more than buffer size and it could lead to a denial of service
- CVE-2017-7407: ourWriteOut function problem could lead to a heap buffer over-read
- CVE-2016-9586: libcurl printf issue could lead to buffer overflow

oval:org.secpod.oval:def:89044801
This update for curl fixes the following issues:
These security issues were fixed:
- CVE-2016-9586: libcurl printf floating point buffer overflow
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information fr ...

oval:org.secpod.oval:def:89049654
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2018-0500: Fix an SMTP send heap buffer overflow.

oval:org.secpod.oval:def:89050705
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer.
- CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow.

oval:org.secpod.oval:def:89049639
This update for curl fixes the following issues:
- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes
- CVE-2018-16842: An Out-of-bounds Read in tool_msgs.c ...

oval:org.secpod.oval:def:89049669
This update for curl fixes the following issues:
This security issue was fixed:
- CVE-2018-14618: Prevent integer overflow in the NTLM authentication code
This non-security issue was fixed:
- Use OPENSSL_config instead of CONF_modules_load_file to avoid crashes due to openssl engines conflicts

oval:org.secpod.oval:def:89049124
This update for curl fixes the following issues:
* CVE-2023-32001: Fixed TOCTOU race condition.

oval:org.secpod.oval:def:89049120
This update for curl fixes the following issues:
* CVE-2023-32001: Fixed TOCTOU race condition.

oval:org.secpod.oval:def:3301550
Security update for curl

oval:org.secpod.oval:def:89048859
This update for curl fixes the following issues:
* CVE-2023-28320: Fixed siglongjmp race condition.
* CVE-2023-28321: Fixed IDN wildcard matching.
* CVE-2023-28322: Fixed POST-after-PUT confusion.
* CVE-2023-27533: Fixed TELNET option IAC injection.
* CVE-2023-27534: Fixed SFTP path ~ resolving ...

oval:org.secpod.oval:def:89048862
This update for curl fixes the following issues:
* CVE-2023-28320: Fixed siglongjmp race condition.
* CVE-2023-28321: Fixed IDN wildcard matching.
* CVE-2023-28322: Fixed POST-after-PUT confusion.
* CVE-2023-27533: Fixed TELNET option IAC injection.
* CVE-2023-27534: Fixed SFTP path ~ resolving ...

oval:org.secpod.oval:def:3300532
SUSE Security Update: Security update for curl

oval:org.secpod.oval:def:89048072
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free.
- CVE-2022-43551: Fixed HSTS bypass via IDN.

oval:org.secpod.oval:def:89048071
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free.

oval:org.secpod.oval:def:89047689
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion.

oval:org.secpod.oval:def:89047750
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion.

oval:org.secpod.oval:def:89047738
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion.

oval:org.secpod.oval:def:3301293
SUSE Security Update: Security update for curl

oval:org.secpod.oval:def:89047757
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion.
- CVE-2022-42916: Fixed HSTS bypass via IDN.

oval:org.secpod.oval:def:89047459
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse

oval:org.secpod.oval:def:89047392
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect
- CVE-2022-27775: Fixed bad local IPv6 connection reuse
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use

oval:org.secpod.oval:def:89047197
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM.
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed.

oval:org.secpod.oval:def:89045103
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again.
- CVE-2021-22924: Bad connection reuse due to flawed path name checks.
- CVE-2021-22923: Insufficiently Protected Credentials.
- CVE-2021-22922: Wrong content via metalink not discarded

oval:org.secpod.oval:def:89047148
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again.
- CVE-2021-22924: Bad connection reuse due to flawed path name checks.
- CVE-2021-22923: Insufficiently Protected Credentials.
- CVE-2021-22922: Wrong content via metalink not discarded

oval:org.secpod.oval:def:89045111
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again.
- CVE-2021-22924: Bad connection reuse due to flawed path name checks.
- CVE-2021-22923: Insufficiently Protected Credentials.
- CVE-2021-22922: Wrong content via metalink not discarded

oval:org.secpod.oval:def:89044207
This update for curl fixes the following issues:
- CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials.

oval:org.secpod.oval:def:89047337
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure.
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are ...

oval:org.secpod.oval:def:89050370
This update for curl fixes the following issues:
- An application that performs multiple requests with libcurl's multi API and sets the "CURLOPT_CONNECT_ONLY" option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wr ...

oval:org.secpod.oval:def:89050246
This update for curl fixes the following issues:
- An application that performs multiple requests with libcurl's multi API and sets the "CURLOPT_CONNECT_ONLY" option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wr ...

oval:org.secpod.oval:def:89050437
This update for curl fixes the following issues:
- CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option.
- CVE-2020-8169: Fixed an issue that could have led to partial password leak over DNS on HTTP redirect.

oval:org.secpod.oval:def:89047564
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service.

oval:org.secpod.oval:def:3301333
SUSE Security Update: Security update for curl

oval:org.secpod.oval:def:89047667
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion.
- CVE-2022-35252: Fixed a potential injection of control characters into cookies.

oval:org.secpod.oval:def:89047773
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies.
- CVE-2022-32221: Fixed POST following PUT confusion.

oval:org.secpod.oval:def:89047651
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service.

oval:org.secpod.oval:def:3300297
SUSE Security Update: Security update for curl

oval:org.secpod.oval:def:89048676
This update for curl fixes the following issues:
* CVE-2023-27533: Fixed TELNET option IAC injection.
* CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy.
* CVE-2023-27535: Fixed FTP too eager connection reuse.
* CVE-2023-27536: Fixed GSS delegation too eager connection reuse.
* CVE-2023-2 ...

oval:org.secpod.oval:def:89048586
This update for curl fixes the following issues:
* CVE-2023-27533: Fixed TELNET option IAC injection.
* CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy.
* CVE-2023-27535: Fixed FTP too eager connection reuse.
* CVE-2023-27536: Fixed GSS delegation too eager connection reuse.
* CVE-2023-2 ...

oval:org.secpod.oval:def:89051262
This update for curl fixes the following issues:
* CVE-2023-46218: Fixed cookie mixed case PSL bypass.
* CVE-2023-46219: HSTS long file name clears contents.

oval:org.secpod.oval:def:89051244
This update for curl fixes the following issues:
* CVE-2023-46218: Fixed cookie mixed case PSL bypass.
* CVE-2023-46219: HSTS long file name clears contents.

oval:org.secpod.oval:def:89050376
This update for curl fixes the following issues:
- CVE-2020-8286: Fixed improper OCSP verification in the client side.
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard.
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP.

oval:org.secpod.oval:def:89050239
This update for curl fixes the following issues:
- CVE-2020-8286: Fixed improper OCSP verification in the client side.
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard.
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP.

oval:org.secpod.oval:def:89046742
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service
- CVE-2022-32208: FTP-KRB bad message verification

oval:org.secpod.oval:def:3300521
SUSE Security Update: Security update for curl

oval:org.secpod.oval:def:89047740
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service
- CVE-2022-32206: HTTP compression denial of service
- CVE-2022-32207: Unpreserved file permissions
- CVE-2022-32208: FTP-KRB bad message verification

oval:org.secpod.oval:def:89048865
This update for curl adds the following feature: Update to version 8.0.1
* CVE-2023-28319: use-after-free in SSH sha256 fingerprint check.
* CVE-2023-28320: siglongjmp race condition.
* CVE-2023-28321: IDN wildcard matching.
* CVE-2023-28322: POST-after-PUT confusion.

oval:org.secpod.oval:def:89047498
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service
- CVE-2022-32208: FTP-KRB bad message verification

oval:org.secpod.oval:def:89048857
This update for curl adds the following feature: Update to version 8.0.1
* CVE-2023-28319: use-after-free in SSH sha256 fingerprint check.
* CVE-2023-28320: siglongjmp race condition.
* CVE-2023-28321: IDN wildcard matching.
* CVE-2023-28322: POST-after-PUT confusion.

oval:org.secpod.oval:def:3301780
Security update for curl

oval:org.secpod.oval:def:89051257
This update for curl fixes the following issues:
* CVE-2023-38546: Fixed a cookie injection with none file.
* CVE-2023-46218: Fixed cookie mixed case PSL bypass.

oval:org.secpod.oval:def:89049409
This update for curl fixes the following issues:
* CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header

oval:org.secpod.oval:def:89049566
This update for curl fixes the following issues:
* CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header

oval:org.secpod.oval:def:89050947
This update for curl fixes the following issues:
* CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5.
* CVE-2023-38546: Fixed a cookie injection with none file

oval:org.secpod.oval:def:89050946
This update for curl fixes the following issues:
* CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5.
* CVE-2023-38546: Fixed a cookie injection with none file

oval:org.secpod.oval:def:3302086
Security update for curl

oval:org.secpod.oval:def:89048864
This update for curl fixes the following issues:
* CVE-2023-28320: Fixed siglongjmp race condition.
* CVE-2023-28321: Fixed IDN wildcard matching.
* CVE-2023-28322: Fixed POST-after-PUT confusion.

oval:org.secpod.oval:def:89048861
This update for curl fixes the following issues:
* CVE-2023-28320: Fixed siglongjmp race condition.
* CVE-2023-28321: Fixed IDN wildcard matching.
* CVE-2023-28322: Fixed POST-after-PUT confusion.

oval:org.secpod.oval:def:89051723
This update for curl fixes the following issues:
* CVE-2024-2004: Fix the usage of disabled protocol logic.
* CVE-2024-2398: Fix HTTP/2 push headers memory-leak

oval:org.secpod.oval:def:89051719
This update for curl fixes the following issues:
* CVE-2024-2004: Fix the usage of disabled protocol logic.
* CVE-2024-2398: Fix HTTP/2 push headers memory-leak

oval:org.secpod.oval:def:3302563
Security update for curl

oval:org.secpod.oval:def:89051840
This update for curl fixes the following issues:
* CVE-2024-2004: Fix the usage of disabled protocol logic.
* CVE-2024-2398: Fix HTTP/2 push headers memory-leak