SUSE-SU-2018:1323-1 -- SLES curl, libcurl4ID: oval:org.secpod.oval:def:89002544 | Date: (C)2021-02-26 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for curl fixes the following issues: curl was updated to version 7.37.0 This update syncs the curl version to the one in SUSE Linux Enterprise 12 and is full binary compatible to the previous version. This update is done to allow other third party software like quot;Rquot; to be able to be used on the SUSE Linux Enterprise 11 codebase. Following security issues were fixed: - CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution . - CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service . - CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage . The package also requires a libopenssl that implements the DEFAULT_SUSE cipher list
Platform: |
SUSE Linux Enterprise Server 11 SP4 |