SUSE-SU-2023:2226-1

Details

This update for curl fixes the following issues:

CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

Affected Packages

SUSE:Enterprise Storage 6curl

Fixed in:

7.60.0-150000.51.1

SUSE:Enterprise Storage 6libcurl-devel

Fixed in:

7.60.0-150000.51.1

SUSE:Enterprise Storage 6libcurl4

Fixed in:

7.60.0-150000.51.1

SUSE:Enterprise Storage 6libcurl4-32bit

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSScurl

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSlibcurl-devel

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSlibcurl4

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSSlibcurl4-32bit

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server 15 SP1-LTSScurl

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server 15 SP1-LTSSlibcurl-devel

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server 15 SP1-LTSSlibcurl4

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server 15 SP1-LTSSlibcurl4-32bit

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1curl

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1libcurl-devel

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1libcurl4

Fixed in:

7.60.0-150000.51.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP1libcurl4-32bit

Fixed in:

7.60.0-150000.51.1

References

SUSE-SU-2023:2226-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline