Oval Definition:oval:org.opensuse.security:def:202327536
Revision Date:2023-06-22Version:1
Title:CVE-2023-27536
Description:

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2023-27536
SUSE CVE-2023-27536
SUSE-CU-2023:1103-1
SUSE-CU-2023:1104-1
SUSE-CU-2023:1105-1
SUSE-CU-2023:766-1
SUSE-CU-2023:803-1
SUSE-CU-2023:804-1
SUSE-CU-2023:805-1
SUSE-CU-2023:806-1
SUSE-CU-2023:807-1
SUSE-CU-2023:808-1
SUSE-CU-2023:809-1
SUSE-CU-2023:810-1
SUSE-CU-2023:811-1
SUSE-CU-2023:812-1
SUSE-CU-2023:813-1
SUSE-CU-2023:814-1
SUSE-CU-2023:815-1
SUSE-CU-2023:816-1
SUSE-CU-2023:817-1
SUSE-CU-2023:818-1
SUSE-CU-2023:819-1
SUSE-CU-2023:820-1
SUSE-CU-2023:821-1
SUSE-CU-2023:825-1
SUSE-CU-2023:833-1
SUSE-CU-2023:838-1
SUSE-CU-2023:842-1
SUSE-CU-2023:846-1
SUSE-CU-2023:885-1
SUSE-CU-2023:895-1
SUSE-CU-2023:896-1
SUSE-CU-2023:942-1
SUSE-CU-2023:943-1
SUSE-CU-2023:944-1
SUSE-CU-2023:945-1
SUSE-CU-2023:946-1
SUSE-CU-2023:947-1
SUSE-CU-2023:948-1
SUSE-CU-2023:949-1
SUSE-CU-2023:950-1
SUSE-CU-2023:951-1
SUSE-CU-2023:952-1
SUSE-CU-2023:953-1
SUSE-CU-2023:954-1
SUSE-CU-2023:955-1
SUSE-CU-2023:956-1
SUSE-IU-2023:219-1
SUSE-IU-2023:220-1
SUSE-IU-2023:221-1
SUSE-SU-2023:0865-1
SUSE-SU-2023:1582-1
SUSE-SU-2023:1711-1
SUSE-CU-2023:1229-1
SUSE-CU-2023:1231-1
SUSE-CU-2023:1234-1
SUSE-CU-2023:1236-1
SUSE-CU-2023:1261-1
SUSE-CU-2023:1262-1
SUSE-CU-2023:1458-1
SUSE-CU-2023:1459-1
SUSE-CU-2023:1460-1
SUSE-CU-2023:1461-1
SUSE-CU-2023:1462-1
SUSE-CU-2023:1463-1
SUSE-CU-2023:1464-1
SUSE-CU-2023:1465-1
SUSE-CU-2023:1466-1
SUSE-CU-2023:1467-1
SUSE-CU-2023:1498-1
SUSE-CU-2023:1619-1
SUSE-CU-2023:1621-1
SUSE-CU-2023:1836-1
SUSE-CU-2023:1838-1
SUSE-CU-2023:1839-1
SUSE-CU-2023:1840-1
SUSE-CU-2023:1844-1
SUSE-CU-2023:1897-1
SUSE-CU-2023:2047-1
SUSE-CU-2023:2048-1
SUSE-CU-2023:2049-1
SUSE-CU-2023:2050-1
SUSE-CU-2023:2051-1
SUSE-IU-2023:347-1
SUSE-IU-2023:348-1
SUSE-IU-2023:349-1
SUSE-SU-2023:2226-1
SUSE-SU-2023:2228-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
  • curl is affected
  • OR libcurl4 is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
  • curl-8.0.1-150400.5.23.1 is installed
  • OR libcurl-devel-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-8.0.1-150400.5.23.1 is installed
  • OR libcurl4-32bit-8.0.1-150400.5.23.1 is installed
    • BACK