Oval Definition:	oval:org.opensuse.security:def:57315
Revision Date: 2020-12-01 Version: 1 Title: Security update for curl Description: This update fixes the following security issues: * CVE-2014-8150: URL request injection (bnc#911363) When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL. * CVE-2014-3707: duphandle read out of bounds (bnc#901924) * CVE-2014-3613: libcurl cookie leaks (bnc#894575) Additional bug fixed: * curl_multi_remove_handle: don't crash on multiple removes (bnc#897816) Security Issues: * CVE-2014-8150 * CVE-2014-3613 * CVE-2014-3707 Family: unix Class: patch Status: Reference(s): 1005886 1012382 1012917 1019784 1022476 1031717 1038078 1038085 1043652 1046554 1046555 1048585 1052360 1060279 1066223 1066842 1068032 1068038 1068569 1068984 1069160 1070799 1072163 1072484 1072589 1073229 1073703 1073928 1074134 1074392 1074488 1074621 1074709 1074839 1074847 1075066 1075078 1075087 1075091 1075428 1075617 1075621 1075627 1075994 1076017 1076110 1076806 1076809 1076872 1076899 1077068 1077291 1077560 1077592 1078526 1078681 1081518 1083093 1083125 1085447 1090368 1090646 1090869 1092548 1093898 1096759 1098369 1103383 1107116 1107121 1109412 1109413 1109414 1111499 1111647 1111996 1112534 1112535 1113247 1113252 1113255 1115045 1116574 1116827 1118830 1118831 1120640 1121034 1121035 1121056 1126140 1126141 1126192 1126195 1126196 1126201 1133131 1133232 1135905 1137001 1141913 1142772 1143797 1145652 1146358 1146359 1146874 1149813 1152497 1154448 1154456 1154458 1154461 1155945 1157888 1158003 1158004 1158005 1158006 1158007 1160968 1161181 1169511 1171352 1172277 870444 884698 885302 891082 894575 897816 901924 911363 963844 988524 CVE-2010-2547 CVE-2013-4351 CVE-2013-4402 CVE-2014-3613 CVE-2014-3707 CVE-2014-4345 CVE-2014-4617 CVE-2014-8150 CVE-2015-1606 CVE-2015-1607 CVE-2016-8611 CVE-2017-13166 CVE-2017-15129 CVE-2017-17712 CVE-2017-17862 CVE-2017-17864 CVE-2017-18017 CVE-2017-3142 CVE-2017-3143 CVE-2017-5715 CVE-2018-1000004 CVE-2018-1000876 CVE-2018-1087 CVE-2018-12086 CVE-2018-12207 CVE-2018-13785 CVE-2018-16428 CVE-2018-16429 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18227 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-19965 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-3760 CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117 CVE-2018-5150 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5168 CVE-2018-5174 CVE-2018-5178 CVE-2018-5183 CVE-2018-5332 CVE-2018-5333 CVE-2018-8781 CVE-2018-8897 CVE-2019-1010180 CVE-2019-11135 CVE-2019-12067 CVE-2019-12068 CVE-2019-12155 CVE-2019-12450 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17347 CVE-2019-18420 CVE-2019-18421 CVE-2019-18424 CVE-2019-18425 CVE-2019-19577 CVE-2019-19578 CVE-2019-19579 CVE-2019-19580 CVE-2019-19581 CVE-2019-19583 CVE-2019-2949 CVE-2019-8675 CVE-2019-8696 CVE-2020-2654 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2830 CVE-2020-7211 SUSE-SU-2017:1736-1 SUSE-SU-2018:0374-1 SUSE-SU-2018:0416-1 SUSE-SU-2018:1334-1 SUSE-SU-2018:1510-1 SUSE-SU-2018:2603-1 SUSE-SU-2018:3590-1 SUSE-SU-2018:3933-1 SUSE-SU-2019:1596-1 SUSE-SU-2019:2650-1 SUSE-SU-2019:3057-1 SUSE-SU-2020:0388-1 SUSE-SU-2020:1685-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND bubblewrap-0.2.0-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information MozillaThunderbird-60.8.0-lp151.2.10 is installed OR MozillaThunderbird-buildsymbols-60.8.0-lp151.2.10 is installed OR MozillaThunderbird-translations-common-60.8.0-lp151.2.10 is installed OR MozillaThunderbird-translations-other-60.8.0-lp151.2.10 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information curl-7.19.7-1.40 is installed OR libcurl4-7.19.7-1.40 is installed OR libcurl4-32bit-7.19.7-1.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information libwireshark9-2.4.10-48.32 is installed OR libwiretap7-2.4.10-48.32 is installed OR libwscodecs1-2.4.10-48.32 is installed OR libwsutil8-2.4.10-48.32 is installed OR wireshark-2.4.10-48.32 is installed OR wireshark-gtk-2.4.10-48.32 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information gpg2-2.0.24-3 is installed OR gpg2-lang-2.0.24-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information openssh-7.2p2-74.25 is installed OR openssh-askpass-gnome-7.2p2-74.25 is installed OR openssh-fips-7.2p2-74.25 is installed OR openssh-helpers-7.2p2-74.25 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information cups-filters-1.0.58-15.2 is installed OR cups-filters-cups-browsed-1.0.58-15.2 is installed OR cups-filters-foomatic-rip-1.0.58-15.2 is installed OR cups-filters-ghostscript-1.0.58-15.2 is installed OR libqpdf18-7.1.1-3.3 is installed OR qpdf-7.1.1-3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_103-92_56-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_17-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information fuse-2.9.3-5 is installed OR libfuse2-2.9.3-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information strongswan-5.1.3-26.13 is installed OR strongswan-doc-5.1.3-26.13 is installed OR strongswan-hmac-5.1.3-26.13 is installed OR strongswan-ipsec-5.1.3-26.13 is installed OR strongswan-libs0-5.1.3-26.13 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information xen-4.9.4_04-3.56 is installed OR xen-doc-html-4.9.4_04-3.56 is installed OR xen-libs-4.9.4_04-3.56 is installed OR xen-libs-32bit-4.9.4_04-3.56 is installed OR xen-tools-4.9.4_04-3.56 is installed OR xen-tools-domU-4.9.4_04-3.56 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information g3utils-1.1.36-58.3 is installed OR mgetty-1.1.36-58.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information MozillaFirefox-60.6.1esr-109.63 is installed OR MozillaFirefox-translations-common-60.6.1esr-109.63 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information crowbar-4.0+git.1528801103.f5708341-7.20 is installed OR crowbar-core-4.0+git.1534246408.3ab19c567-9.33 is installed OR crowbar-core-branding-upstream-4.0+git.1534246408.3ab19c567-9.33 is installed OR crowbar-devel-4.0+git.1528801103.f5708341-7.20 is installed OR crowbar-ha-4.0+git.1533750802.5768e73-4.34 is installed OR crowbar-openstack-4.0+git.1534254269.ce598a9fe-9.39 is installed OR crowbar-ui-1.1.0+git.1533844061.4ac8e723-4.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libseccomp-2.4.1-11.3 is installed OR libseccomp2-2.4.1-11.3 is installed OR libseccomp2-32bit-2.4.1-11.3 is installed
BACK