|Category:||SuSE Local Security Checks|
|Title:||SuSE Update for curl openSUSE-SU-2018:1624-1 (curl)|
|Summary:||The remote host is missing an update for the 'curl' package(s) announced via the openSUSE-SU-2018:1624_1 advisory.|
This update for curl to version 7.60.0 fixes the following issues:
These security issues were fixed:
- CVE-2018-1000300: Prevent heap-based buffer overflow when closing down
an FTP connection with very long server command replies (bsc#1092094).
- CVE-2018-1000301: Prevent buffer over-read that could have caused reading
data beyond the end of a heap based buffer used to store downloaded RTSP
These non-security issues were fixed:
- Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
- Add --haproxy-protocol for the command line tool
- Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
- FTP: fix typo in recursive callback detection for seeking
- test1208: marked flaky
- HTTP: make header-less responses still count correct body size
- user-agent.d: mention --proxy-header as well
- http2: fixes typo
- cleanup: misc typos in strings and comments
- rate-limit: use three second window to better handle high speeds
- examples/hiperfifo.c: improved
- pause: when changing pause state, update socket state
- curl_version_info.3: fix ssl_version description
- add_handle/easy_perform: clear errorbuffer on start if set
- cmake: add support for brotli
- parsedate: support UT timezone
- vauth/ntlm.h: fix the #ifdef header guard
- lib/curl_path.h: added #ifdef header guard
- vauth/cleartext: fix integer overflow check
- CURLINFO_COOKIELIST.3: made the example not leak memory
- cookie.d: mention that '-' as filename means stdin
- CURLINFO_SSL_VERIFYRESULT.3: fixed the example
- http2: read pending frames (including GOAWAY) in connection-check
- timeval: remove compilation warning by casting
- cmake: avoid warn-as-error during config checks
- travis-ci: enable -Werror for CMake builds
- openldap: fix for NULL return from ldap_get_attribute_ber()
- threaded resolver: track resolver time and set suitable timeout values
- cmake: Add advapi32 as explicit link library for win32
- docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
- test1148: set a fixed locale for the test
- cookies: when reading from a file, only remove_expired once
- cookie: store cookies per top-level-domain-specific hash table
- openssl: RESTORED verify locations when verifypeer==0
- file: restore old behavior for file:////foo/bar URLs
- FTP: allow PASV on IPv6 connections when a proxy is being used
- build-openssl.bat: allow custom paths for VS and perl
- winbuild: make the clean target work without build-type
- build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
- curl: r ...
Description truncated, please see the referenced URL(s) for more information.
curl on openSUSE Leap 15.0.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000300
Common Vulnerability Exposure (CVE) ID: CVE-2018-1000301
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|