Oval Definition:oval:org.opensuse.security:def:78472
Revision Date:2016-11-02Version:1
Title:Security update for curl (Important)
Description:

This update for curl fixes the following security issues:

- CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646) - CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645) - CVE-2016-8622: URL unescape heap overflow via integer truncation (bsc#1005643) - CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642) - CVE-2016-8620: glob parser write/read out of bounds (bsc#1005640) - CVE-2016-8619: double-free in krb5 code (bsc#1005638) - CVE-2016-8618: double-free in curl_maprintf (bsc#1005637) - CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635) - CVE-2016-8616: case insensitive password comparison (bsc#1005634) - CVE-2016-8615: cookie injection for other servers (bsc#1005633) - CVE-2016-7167: escape and unescape integer overflows (bsc#998760)
Family:unixClass:patch
Status:Reference(s):1005633
1005634
1005635
1005637
1005638
1005640
1005642
1005643
1005645
1005646
998760
CVE-2016-7167
CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
SUSE-SU-2016:2699-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • curl-7.37.0-31.1 is installed
  • OR libcurl4-7.37.0-31.1 is installed
  • OR libcurl4-32bit-7.37.0-31.1 is installed
    • BACK