Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-16840 (GCVE-0-2018-16840)
Vulnerability from cvelistv5 – Published: 2018-10-31 18:00 – Updated: 2026-04-16 14:08
VLAI
EPSS
Summary
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Severity
4.3 (Medium)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201903-03 | vendor-advisoryx_refsource_GENTOO |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/curl/curl/commit/81d135d67155c… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1042013 | vdb-entryx_refsource_SECTRACK |
| https://curl.haxx.se/docs/CVE-2018-16840.html | x_refsource_MISC |
| https://usn.ubuntu.com/3805-1/ | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Curl Project | curl |
Affected:
from 7.59.0 to 7.61.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:53.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201903-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"
},
{
"name": "1042013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16840.html"
},
{
"name": "USN-3805-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3805-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-16840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T14:08:48.093326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:08:57.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "curl",
"vendor": "The Curl Project",
"versions": [
{
"status": "affected",
"version": "from 7.59.0 to 7.61.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-11T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201903-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"
},
{
"name": "1042013",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16840.html"
},
{
"name": "USN-3805-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3805-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "from 7.59.0 to 7.61.1"
}
]
}
}
]
},
"vendor_name": "The Curl Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840"
},
{
"name": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f",
"refsource": "CONFIRM",
"url": "https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f"
},
{
"name": "1042013",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042013"
},
{
"name": "https://curl.haxx.se/docs/CVE-2018-16840.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2018-16840.html"
},
{
"name": "USN-3805-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3805-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16840",
"datePublished": "2018-10-31T18:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2026-04-16T14:08:57.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-16840",
"date": "2026-05-27",
"epss": "0.0029",
"percentile": "0.52482"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16840\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-10-31T18:29:00.307\",\"lastModified\":\"2025-04-17T13:05:04.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un error de uso de memoria din\u00e1mica (heap) previamente liberada en Curl, desde la versi\u00f3n 7.59.0 hasta la 7.61.1, en el c\u00f3digo relacionado con el cierre de un controlador \\\"easy\\\". Al cerrar y limpiar un controlador \\\"easy\\\" en la funci\u00f3n \\\"Curl_close()\\\", el c\u00f3digo de la biblioteca libera, en primer lugar, un struct (sin pasar el puntero a null) y, despu\u00e9s, podr\u00eda escribir err\u00f3neamente en un campo struct dentro del struct ya liberado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.59.0\",\"versionEndExcluding\":\"7.62.0\",\"matchCriteriaId\":\"BA39901D-8EE5-4B6F-A0D3-43522D998003\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1042013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/CVE-2018-16840.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3805-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1042013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/CVE-2018-16840.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3805-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1042013\", \"name\": \"1042013\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16840.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T10:32:53.993Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-16840\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-16T14:08:48.093326Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-16T14:08:53.378Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"The Curl Project\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"from 7.59.0 to 7.61.1\"}]}], \"datePublic\": \"2018-10-31T00:00:00.000Z\", \"references\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"tags\": [\"vendor-advisory\", \"x_refsource_GENTOO\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1042013\", \"name\": \"1042013\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16840.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2019-03-11T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"from 7.59.0 to 7.61.1\"}]}, \"product_name\": \"curl\"}]}, \"vendor_name\": \"The Curl Project\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://security.gentoo.org/glsa/201903-03\", \"name\": \"GLSA-201903-03\", \"refsource\": \"GENTOO\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\", \"name\": \"https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1042013\", \"name\": \"1042013\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16840.html\", \"name\": \"https://curl.haxx.se/docs/CVE-2018-16840.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://usn.ubuntu.com/3805-1/\", \"name\": \"USN-3805-1\", \"refsource\": \"UBUNTU\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-416\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-16840\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-16840\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-16T14:08:57.315Z\", \"dateReserved\": \"2018-09-11T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2018-10-31T18:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2018:3608-1
Vulnerability from csaf_suse - Published: 2018-11-02 16:09 - Updated: 2018-11-02 16:09Summary
Security update for curl
Severity
Moderate
Notes
Title of the patch: Security update for curl
Description of the patch: This update for curl fixes the following issues:
- CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
Patchnames: SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2563,SUSE-SLE-DESKTOP-12-SP3-2018-2563,SUSE-SLE-SDK-12-SP3-2018-2563,SUSE-SLE-SERVER-12-SP3-2018-2563
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758)\n- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2563,SUSE-SLE-DESKTOP-12-SP3-2018-2563,SUSE-SLE-SDK-12-SP3-2018-2563,SUSE-SLE-SERVER-12-SP3-2018-2563",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3608-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3608-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183608-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3608-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004824.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112758",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "self",
"summary": "SUSE Bug 1113660",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2018-11-02T16:09:57Z",
"generator": {
"date": "2018-11-02T16:09:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3608-1",
"initial_release_date": "2018-11-02T16:09:57Z",
"revision_history": [
{
"date": "2018-11-02T16:09:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-37.31.1.aarch64",
"product": {
"name": "libcurl-devel-7.37.0-37.31.1.aarch64",
"product_id": "libcurl-devel-7.37.0-37.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-37.31.1.aarch64",
"product": {
"name": "curl-7.37.0-37.31.1.aarch64",
"product_id": "curl-7.37.0-37.31.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-37.31.1.aarch64",
"product": {
"name": "libcurl4-7.37.0-37.31.1.aarch64",
"product_id": "libcurl4-7.37.0-37.31.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-37.31.1.ppc64le",
"product": {
"name": "libcurl-devel-7.37.0-37.31.1.ppc64le",
"product_id": "libcurl-devel-7.37.0-37.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-37.31.1.ppc64le",
"product": {
"name": "curl-7.37.0-37.31.1.ppc64le",
"product_id": "curl-7.37.0-37.31.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-37.31.1.ppc64le",
"product": {
"name": "libcurl4-7.37.0-37.31.1.ppc64le",
"product_id": "libcurl4-7.37.0-37.31.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-37.31.1.s390x",
"product": {
"name": "libcurl-devel-7.37.0-37.31.1.s390x",
"product_id": "libcurl-devel-7.37.0-37.31.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-37.31.1.s390x",
"product": {
"name": "curl-7.37.0-37.31.1.s390x",
"product_id": "curl-7.37.0-37.31.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-37.31.1.s390x",
"product": {
"name": "libcurl4-7.37.0-37.31.1.s390x",
"product_id": "libcurl4-7.37.0-37.31.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.37.0-37.31.1.s390x",
"product": {
"name": "libcurl4-32bit-7.37.0-37.31.1.s390x",
"product_id": "libcurl4-32bit-7.37.0-37.31.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.37.0-37.31.1.x86_64",
"product": {
"name": "curl-7.37.0-37.31.1.x86_64",
"product_id": "curl-7.37.0-37.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-37.31.1.x86_64",
"product": {
"name": "libcurl4-7.37.0-37.31.1.x86_64",
"product_id": "libcurl4-7.37.0-37.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.37.0-37.31.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.37.0-37.31.1.x86_64",
"product_id": "libcurl4-32bit-7.37.0-37.31.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-37.31.1.x86_64",
"product": {
"name": "libcurl-devel-7.37.0-37.31.1.x86_64",
"product_id": "libcurl-devel-7.37.0-37.31.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64"
},
"product_reference": "curl-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-37.31.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64"
},
"product_reference": "libcurl-devel-7.37.0-37.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-37.31.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le"
},
"product_reference": "libcurl-devel-7.37.0-37.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x"
},
"product_reference": "libcurl-devel-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl-devel-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64"
},
"product_reference": "curl-7.37.0-37.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le"
},
"product_reference": "curl-7.37.0-37.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x"
},
"product_reference": "curl-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64"
},
"product_reference": "curl-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64"
},
"product_reference": "libcurl4-7.37.0-37.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le"
},
"product_reference": "libcurl4-7.37.0-37.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x"
},
"product_reference": "libcurl4-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x"
},
"product_reference": "libcurl4-32bit-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64"
},
"product_reference": "curl-7.37.0-37.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le"
},
"product_reference": "curl-7.37.0-37.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x"
},
"product_reference": "curl-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64"
},
"product_reference": "curl-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64"
},
"product_reference": "libcurl4-7.37.0-37.31.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le"
},
"product_reference": "libcurl4-7.37.0-37.31.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x"
},
"product_reference": "libcurl4-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-37.31.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x"
},
"product_reference": "libcurl4-32bit-7.37.0-37.31.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-37.31.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.37.0-37.31.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-02T16:09:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:curl-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-32bit-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:libcurl4-7.37.0-37.31.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libcurl-devel-7.37.0-37.31.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-02T16:09:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
}
]
}
SUSE-SU-2018:3624-1
Vulnerability from csaf_suse - Published: 2018-11-05 16:55 - Updated: 2018-11-05 16:55Summary
Security update for curl
Severity
Moderate
Notes
Title of the patch: Security update for curl
Description of the patch: This update for curl fixes the following issues:
- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
Patchnames: SUSE-SLE-Module-Basesystem-15-2018-2578,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2578
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-2578,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2578",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3624-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3624-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183624-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3624-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004831.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112758",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "self",
"summary": "SUSE Bug 1113660",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2018-11-05T16:55:38Z",
"generator": {
"date": "2018-11-05T16:55:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3624-1",
"initial_release_date": "2018-11-05T16:55:38Z",
"revision_history": [
{
"date": "2018-11-05T16:55:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-3.14.3.aarch64",
"product": {
"name": "curl-7.60.0-3.14.3.aarch64",
"product_id": "curl-7.60.0-3.14.3.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-3.14.3.aarch64",
"product": {
"name": "libcurl-devel-7.60.0-3.14.3.aarch64",
"product_id": "libcurl-devel-7.60.0-3.14.3.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-3.14.3.aarch64",
"product": {
"name": "libcurl4-7.60.0-3.14.3.aarch64",
"product_id": "libcurl4-7.60.0-3.14.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-3.14.3.ppc64le",
"product": {
"name": "curl-7.60.0-3.14.3.ppc64le",
"product_id": "curl-7.60.0-3.14.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-3.14.3.ppc64le",
"product": {
"name": "libcurl-devel-7.60.0-3.14.3.ppc64le",
"product_id": "libcurl-devel-7.60.0-3.14.3.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-3.14.3.ppc64le",
"product": {
"name": "libcurl4-7.60.0-3.14.3.ppc64le",
"product_id": "libcurl4-7.60.0-3.14.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-3.14.3.s390x",
"product": {
"name": "curl-7.60.0-3.14.3.s390x",
"product_id": "curl-7.60.0-3.14.3.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-3.14.3.s390x",
"product": {
"name": "libcurl-devel-7.60.0-3.14.3.s390x",
"product_id": "libcurl-devel-7.60.0-3.14.3.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-3.14.3.s390x",
"product": {
"name": "libcurl4-7.60.0-3.14.3.s390x",
"product_id": "libcurl4-7.60.0-3.14.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-3.14.3.x86_64",
"product": {
"name": "curl-7.60.0-3.14.3.x86_64",
"product_id": "curl-7.60.0-3.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-3.14.3.x86_64",
"product": {
"name": "libcurl-devel-7.60.0-3.14.3.x86_64",
"product_id": "libcurl-devel-7.60.0-3.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-3.14.3.x86_64",
"product": {
"name": "libcurl4-7.60.0-3.14.3.x86_64",
"product_id": "libcurl4-7.60.0-3.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.60.0-3.14.3.x86_64",
"product": {
"name": "libcurl4-32bit-7.60.0-3.14.3.x86_64",
"product_id": "libcurl4-32bit-7.60.0-3.14.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-3.14.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64"
},
"product_reference": "curl-7.60.0-3.14.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-3.14.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le"
},
"product_reference": "curl-7.60.0-3.14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-3.14.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x"
},
"product_reference": "curl-7.60.0-3.14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-3.14.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64"
},
"product_reference": "curl-7.60.0-3.14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-3.14.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64"
},
"product_reference": "libcurl-devel-7.60.0-3.14.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-3.14.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le"
},
"product_reference": "libcurl-devel-7.60.0-3.14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-3.14.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x"
},
"product_reference": "libcurl-devel-7.60.0-3.14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-3.14.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64"
},
"product_reference": "libcurl-devel-7.60.0-3.14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-3.14.3.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64"
},
"product_reference": "libcurl4-7.60.0-3.14.3.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-3.14.3.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le"
},
"product_reference": "libcurl4-7.60.0-3.14.3.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-3.14.3.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x"
},
"product_reference": "libcurl4-7.60.0-3.14.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-3.14.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
},
"product_reference": "libcurl4-7.60.0-3.14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-3.14.3.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64"
},
"product_reference": "libcurl4-32bit-7.60.0-3.14.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16839"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16839",
"url": "https://www.suse.com/security/cve/CVE-2018-16839"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1131886 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1131886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-05T16:55:38Z",
"details": "moderate"
}
],
"title": "CVE-2018-16839"
},
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-05T16:55:38Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:curl-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl-devel-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-32bit-7.60.0-3.14.3.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libcurl4-7.60.0-3.14.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-05T16:55:38Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
}
]
}
SUSE-SU-2018:3681-1
Vulnerability from csaf_suse - Published: 2018-11-08 16:55 - Updated: 2018-11-08 16:55Summary
Security update for curl
Severity
Moderate
Notes
Title of the patch: Security update for curl
Description of the patch: This update for curl fixes the following issues:
- CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758)
- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)
Patchnames: sdksp4-curl-13861,secsp3-curl-13861,slessp4-curl-13861
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
15 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\n- CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758)\n- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-curl-13861,secsp3-curl-13861,slessp4-curl-13861",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3681-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3681-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183681-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3681-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004839.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112758",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "self",
"summary": "SUSE Bug 1113660",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2018-11-08T16:55:53Z",
"generator": {
"date": "2018-11-08T16:55:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3681-1",
"initial_release_date": "2018-11-08T16:55:53Z",
"revision_history": [
{
"date": "2018-11-08T16:55:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-70.38.1.i586",
"product": {
"name": "libcurl-devel-7.37.0-70.38.1.i586",
"product_id": "libcurl-devel-7.37.0-70.38.1.i586"
}
},
{
"category": "product_version",
"name": "curl-openssl1-7.37.0-70.38.1.i586",
"product": {
"name": "curl-openssl1-7.37.0-70.38.1.i586",
"product_id": "curl-openssl1-7.37.0-70.38.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-7.37.0-70.38.1.i586",
"product": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.i586",
"product_id": "libcurl4-openssl1-7.37.0-70.38.1.i586"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-70.38.1.i586",
"product": {
"name": "curl-7.37.0-70.38.1.i586",
"product_id": "curl-7.37.0-70.38.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-70.38.1.i586",
"product": {
"name": "libcurl4-7.37.0-70.38.1.i586",
"product_id": "libcurl4-7.37.0-70.38.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-70.38.1.ia64",
"product": {
"name": "libcurl-devel-7.37.0-70.38.1.ia64",
"product_id": "libcurl-devel-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "curl-openssl1-7.37.0-70.38.1.ia64",
"product": {
"name": "curl-openssl1-7.37.0-70.38.1.ia64",
"product_id": "curl-openssl1-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-7.37.0-70.38.1.ia64",
"product": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.ia64",
"product_id": "libcurl4-openssl1-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"product": {
"name": "libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"product_id": "libcurl4-openssl1-x86-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-70.38.1.ia64",
"product": {
"name": "curl-7.37.0-70.38.1.ia64",
"product_id": "curl-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-70.38.1.ia64",
"product": {
"name": "libcurl4-7.37.0-70.38.1.ia64",
"product_id": "libcurl4-7.37.0-70.38.1.ia64"
}
},
{
"category": "product_version",
"name": "libcurl4-x86-7.37.0-70.38.1.ia64",
"product": {
"name": "libcurl4-x86-7.37.0-70.38.1.ia64",
"product_id": "libcurl4-x86-7.37.0-70.38.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-70.38.1.ppc64",
"product": {
"name": "libcurl-devel-7.37.0-70.38.1.ppc64",
"product_id": "libcurl-devel-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "curl-openssl1-7.37.0-70.38.1.ppc64",
"product": {
"name": "curl-openssl1-7.37.0-70.38.1.ppc64",
"product_id": "curl-openssl1-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"product": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"product_id": "libcurl4-openssl1-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"product": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"product_id": "libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-70.38.1.ppc64",
"product": {
"name": "curl-7.37.0-70.38.1.ppc64",
"product_id": "curl-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-70.38.1.ppc64",
"product": {
"name": "libcurl4-7.37.0-70.38.1.ppc64",
"product_id": "libcurl4-7.37.0-70.38.1.ppc64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.37.0-70.38.1.ppc64",
"product": {
"name": "libcurl4-32bit-7.37.0-70.38.1.ppc64",
"product_id": "libcurl4-32bit-7.37.0-70.38.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-70.38.1.s390x",
"product": {
"name": "libcurl-devel-7.37.0-70.38.1.s390x",
"product_id": "libcurl-devel-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-openssl1-7.37.0-70.38.1.s390x",
"product": {
"name": "curl-openssl1-7.37.0-70.38.1.s390x",
"product_id": "curl-openssl1-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-7.37.0-70.38.1.s390x",
"product": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.s390x",
"product_id": "libcurl4-openssl1-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"product": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"product_id": "libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-70.38.1.s390x",
"product": {
"name": "curl-7.37.0-70.38.1.s390x",
"product_id": "curl-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-70.38.1.s390x",
"product": {
"name": "libcurl4-7.37.0-70.38.1.s390x",
"product_id": "libcurl4-7.37.0-70.38.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.37.0-70.38.1.s390x",
"product": {
"name": "libcurl4-32bit-7.37.0-70.38.1.s390x",
"product_id": "libcurl4-32bit-7.37.0-70.38.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-7.37.0-70.38.1.x86_64",
"product": {
"name": "libcurl-devel-7.37.0-70.38.1.x86_64",
"product_id": "libcurl-devel-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-openssl1-7.37.0-70.38.1.x86_64",
"product": {
"name": "curl-openssl1-7.37.0-70.38.1.x86_64",
"product_id": "curl-openssl1-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"product": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"product_id": "libcurl4-openssl1-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"product": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"product_id": "libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-7.37.0-70.38.1.x86_64",
"product": {
"name": "curl-7.37.0-70.38.1.x86_64",
"product_id": "curl-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.37.0-70.38.1.x86_64",
"product": {
"name": "libcurl4-7.37.0-70.38.1.x86_64",
"product_id": "libcurl4-7.37.0-70.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.37.0-70.38.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.37.0-70.38.1.x86_64",
"product_id": "libcurl4-32bit-7.37.0-70.38.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product": {
"name": "SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:11:security"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586"
},
"product_reference": "libcurl-devel-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl-devel-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl-devel-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl-devel-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl-devel-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-openssl1-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586"
},
"product_reference": "curl-openssl1-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-openssl1-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64"
},
"product_reference": "curl-openssl1-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-openssl1-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64"
},
"product_reference": "curl-openssl1-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-openssl1-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x"
},
"product_reference": "curl-openssl1-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-openssl1-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64"
},
"product_reference": "curl-openssl1-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586"
},
"product_reference": "libcurl4-openssl1-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-openssl1-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-openssl1-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-openssl1-x86-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11-SECURITY",
"product_id": "SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11-SECURITY"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586"
},
"product_reference": "curl-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64"
},
"product_reference": "curl-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64"
},
"product_reference": "curl-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x"
},
"product_reference": "curl-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64"
},
"product_reference": "curl-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586"
},
"product_reference": "libcurl4-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-x86-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-x86-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586"
},
"product_reference": "curl-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64"
},
"product_reference": "curl-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64"
},
"product_reference": "curl-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x"
},
"product_reference": "curl-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64"
},
"product_reference": "curl-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586"
},
"product_reference": "libcurl4-7.37.0-70.38.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.37.0-70.38.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.37.0-70.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-x86-7.37.0-70.38.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64"
},
"product_reference": "libcurl4-x86-7.37.0-70.38.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-08T16:55:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:curl-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server 11-SECURITY:libcurl4-openssl1-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.37.0-70.38.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.37.0-70.38.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-08T16:55:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
}
]
}
SUSE-SU-2019:0339-1
Vulnerability from csaf_suse - Published: 2019-02-13 07:33 - Updated: 2019-02-13 07:33Summary
Security update for curl
Severity
Important
Notes
Title of the patch: Security update for curl
Description of the patch: This update for curl fixes the following issues:
Security issues fixed:
- CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377).
- CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).
- CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371).
- CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).
- CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).
- CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).
Patchnames: SUSE-2019-339,SUSE-SLE-DESKTOP-12-SP4-2019-339,SUSE-SLE-SDK-12-SP4-2019-339,SUSE-SLE-SERVER-12-SP4-2019-339
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for curl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for curl fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-3822: Fixed a NTLMv2 type-3 header stack buffer overflow (bsc#1123377).\n- CVE-2019-3823: Fixed an out-of-bounds read in the SMTP end-of-response (bsc#1123378).\n- CVE-2018-16890: Fixed an out-of-bounds buffer read in NTLM type2 (bsc#1123371). \n- CVE-2018-16842: Fixed an out-of-bounds read in tool_msgs.c (bsc#1113660).\n- CVE-2018-16840: Fixed a use-after-free in handle close (bsc#1113029).\n- CVE-2018-16839: Fixed an SASL password overflow caused by an integer overflow (bsc#1112758).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-339,SUSE-SLE-DESKTOP-12-SP4-2019-339,SUSE-SLE-SDK-12-SP4-2019-339,SUSE-SLE-SERVER-12-SP4-2019-339",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0339-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0339-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190339-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0339-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005111.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112758",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "self",
"summary": "SUSE Bug 1113029",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "self",
"summary": "SUSE Bug 1113660",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "self",
"summary": "SUSE Bug 1123371",
"url": "https://bugzilla.suse.com/1123371"
},
{
"category": "self",
"summary": "SUSE Bug 1123377",
"url": "https://bugzilla.suse.com/1123377"
},
{
"category": "self",
"summary": "SUSE Bug 1123378",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16890 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3822 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3823 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3823/"
}
],
"title": "Security update for curl",
"tracking": {
"current_release_date": "2019-02-13T07:33:54Z",
"generator": {
"date": "2019-02-13T07:33:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0339-1",
"initial_release_date": "2019-02-13T07:33:54Z",
"revision_history": [
{
"date": "2019-02-13T07:33:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.aarch64",
"product": {
"name": "curl-7.60.0-4.3.1.aarch64",
"product_id": "curl-7.60.0-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.aarch64",
"product": {
"name": "curl-mini-7.60.0-4.3.1.aarch64",
"product_id": "curl-mini-7.60.0-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.aarch64",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.aarch64",
"product_id": "libcurl-devel-7.60.0-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.aarch64",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.aarch64",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.aarch64",
"product": {
"name": "libcurl4-7.60.0-4.3.1.aarch64",
"product_id": "libcurl4-7.60.0-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.aarch64",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.aarch64",
"product_id": "libcurl4-mini-7.60.0-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libcurl-devel-64bit-7.60.0-4.3.1.aarch64_ilp32",
"product": {
"name": "libcurl-devel-64bit-7.60.0-4.3.1.aarch64_ilp32",
"product_id": "libcurl-devel-64bit-7.60.0-4.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libcurl4-64bit-7.60.0-4.3.1.aarch64_ilp32",
"product": {
"name": "libcurl4-64bit-7.60.0-4.3.1.aarch64_ilp32",
"product_id": "libcurl4-64bit-7.60.0-4.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.i586",
"product": {
"name": "curl-7.60.0-4.3.1.i586",
"product_id": "curl-7.60.0-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.i586",
"product": {
"name": "curl-mini-7.60.0-4.3.1.i586",
"product_id": "curl-mini-7.60.0-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.i586",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.i586",
"product_id": "libcurl-devel-7.60.0-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.i586",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.i586",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.i586",
"product": {
"name": "libcurl4-7.60.0-4.3.1.i586",
"product_id": "libcurl4-7.60.0-4.3.1.i586"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.i586",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.i586",
"product_id": "libcurl4-mini-7.60.0-4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.ppc64le",
"product": {
"name": "curl-7.60.0-4.3.1.ppc64le",
"product_id": "curl-7.60.0-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.ppc64le",
"product": {
"name": "curl-mini-7.60.0-4.3.1.ppc64le",
"product_id": "curl-mini-7.60.0-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.ppc64le",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.ppc64le",
"product_id": "libcurl-devel-7.60.0-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.ppc64le",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.ppc64le",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.ppc64le",
"product": {
"name": "libcurl4-7.60.0-4.3.1.ppc64le",
"product_id": "libcurl4-7.60.0-4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.ppc64le",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.ppc64le",
"product_id": "libcurl4-mini-7.60.0-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.s390",
"product": {
"name": "curl-7.60.0-4.3.1.s390",
"product_id": "curl-7.60.0-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.s390",
"product": {
"name": "curl-mini-7.60.0-4.3.1.s390",
"product_id": "curl-mini-7.60.0-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.s390",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.s390",
"product_id": "libcurl-devel-7.60.0-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.s390",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.s390",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.s390",
"product": {
"name": "libcurl4-7.60.0-4.3.1.s390",
"product_id": "libcurl4-7.60.0-4.3.1.s390"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.s390",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.s390",
"product_id": "libcurl4-mini-7.60.0-4.3.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.s390x",
"product": {
"name": "curl-7.60.0-4.3.1.s390x",
"product_id": "curl-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.s390x",
"product": {
"name": "curl-mini-7.60.0-4.3.1.s390x",
"product_id": "curl-mini-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.s390x",
"product_id": "libcurl-devel-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl-devel-32bit-7.60.0-4.3.1.s390x",
"product_id": "libcurl-devel-32bit-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.s390x",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl4-7.60.0-4.3.1.s390x",
"product_id": "libcurl4-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl4-32bit-7.60.0-4.3.1.s390x",
"product_id": "libcurl4-32bit-7.60.0-4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.s390x",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.s390x",
"product_id": "libcurl4-mini-7.60.0-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.60.0-4.3.1.x86_64",
"product": {
"name": "curl-7.60.0-4.3.1.x86_64",
"product_id": "curl-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "curl-mini-7.60.0-4.3.1.x86_64",
"product": {
"name": "curl-mini-7.60.0-4.3.1.x86_64",
"product_id": "curl-mini-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl-devel-7.60.0-4.3.1.x86_64",
"product_id": "libcurl-devel-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-7.60.0-4.3.1.x86_64",
"product_id": "libcurl-devel-32bit-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-mini-devel-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl-mini-devel-7.60.0-4.3.1.x86_64",
"product_id": "libcurl-mini-devel-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl4-7.60.0-4.3.1.x86_64",
"product_id": "libcurl4-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.60.0-4.3.1.x86_64",
"product_id": "libcurl4-32bit-7.60.0-4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-mini-7.60.0-4.3.1.x86_64",
"product": {
"name": "libcurl4-mini-7.60.0-4.3.1.x86_64",
"product_id": "libcurl4-mini-7.60.0-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64"
},
"product_reference": "curl-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-4.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64"
},
"product_reference": "libcurl-devel-7.60.0-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-4.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le"
},
"product_reference": "libcurl-devel-7.60.0-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x"
},
"product_reference": "libcurl-devel-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl-devel-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64"
},
"product_reference": "curl-7.60.0-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le"
},
"product_reference": "curl-7.60.0-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x"
},
"product_reference": "curl-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64"
},
"product_reference": "curl-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64"
},
"product_reference": "libcurl4-7.60.0-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le"
},
"product_reference": "libcurl4-7.60.0-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x"
},
"product_reference": "libcurl4-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x"
},
"product_reference": "libcurl4-32bit-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64"
},
"product_reference": "curl-7.60.0-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le"
},
"product_reference": "curl-7.60.0-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x"
},
"product_reference": "curl-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64"
},
"product_reference": "curl-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64"
},
"product_reference": "libcurl4-7.60.0-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le"
},
"product_reference": "libcurl4-7.60.0-4.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x"
},
"product_reference": "libcurl4-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-4.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x"
},
"product_reference": "libcurl4-32bit-7.60.0-4.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.60.0-4.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.60.0-4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16839"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16839",
"url": "https://www.suse.com/security/cve/CVE-2018-16839"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1131886 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1131886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-16839"
},
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
},
{
"cve": "CVE-2018-16890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16890"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16890",
"url": "https://www.suse.com/security/cve/CVE-2018-16890"
},
{
"category": "external",
"summary": "SUSE Bug 1123371 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123371"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "low"
}
],
"title": "CVE-2018-16890"
},
{
"cve": "CVE-2019-3822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3822"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large \u0027nt response\u0027 data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a \u0027large value\u0027 needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3822",
"url": "https://www.suse.com/security/cve/CVE-2019-3822"
},
{
"category": "external",
"summary": "SUSE Bug 1123377 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1123377"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "important"
}
],
"title": "CVE-2019-3822"
},
{
"cve": "CVE-2019-3823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3823"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn\u0027t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3823",
"url": "https://www.suse.com/security/cve/CVE-2019-3823"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:curl-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-32bit-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libcurl4-7.60.0-4.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libcurl-devel-7.60.0-4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T07:33:54Z",
"details": "moderate"
}
],
"title": "CVE-2019-3823"
}
]
}
WID-SEC-W-2023-1641
Vulnerability from csaf_certbund - Published: 2018-10-30 23:00 - Updated: 2025-02-04 23:00Summary
cURL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.
libcurl ist eine Bibliothek für Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL und libcurl ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen und um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
Es existiert eine Schwachstelle in libcurl im SASL-Authentifizierungscode von libcurl aufgrund eines Fehlers bei der Längenüberprüfung in der Funktion "Curl_auth_create_plain_message". Ein Angreifer kann diesen Heap-Überlauf mit nicht spezifizierten Auswirkungen ausnutzen, indem er zu lange Benutzernamen- und Passworteingaben macht. Die betroffene Funktion kann nur bei Verwendung von POP3(S), IMAP(S) oder SMTP(S) aufgerufen werden.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Avamar <19.12
Dell / Avamar
|
<19.12 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source cURL <7.62.0
Open Source / cURL
|
<7.62.0 | ||
|
Open Source libcurl <7.62.0
Open Source / libcurl
|
<7.62.0 | ||
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— |
Es existiert eine heap use-after-free Schwachstelle in cURL und libcurl in der "Curl_close()" Funktion. Ein Angreifer kann dies ausnutzen, um einen Denial of Service zu erstellen oder andere nicht spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu öffnen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Avamar <19.12
Dell / Avamar
|
<19.12 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source cURL <7.62.0
Open Source / cURL
|
<7.62.0 | ||
|
Open Source libcurl <7.62.0
Open Source / libcurl
|
<7.62.0 | ||
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— |
Es besteht eine Heap-out-of-buffer-read Schwachstelle in cURL und libcurl aufgrund eines Fehlers in der Wrap-Logik einer generischen Funktion zur Anzeige von Warn- und Informationsmeldungen. Ein Angreifer kann dies ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service Zustand zu erzeugen, wenn Curl in einem Serverkontext verwendet wird.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell Avamar <19.12
Dell / Avamar
|
<19.12 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source cURL <7.62.0
Open Source / cURL
|
<7.62.0 | ||
|
Open Source libcurl <7.62.0
Open Source / libcurl
|
<7.62.0 | ||
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— |
References
17 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.\r\nlibcurl ist eine Bibliothek f\u00fcr Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cURL und libcurl ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren und um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1641 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-1641.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1641 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1641"
},
{
"category": "external",
"summary": "Curl CVE-2018-16842 vom 2018-10-31",
"url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
},
{
"category": "external",
"summary": "Curl CVE-2018-16840 vom 2018-10-31",
"url": "https://curl.haxx.se/docs/CVE-2018-16840.html"
},
{
"category": "external",
"summary": "Curl CVE-2018-16839 vom 2018-10-31",
"url": "https://curl.haxx.se/docs/CVE-2018-16839.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3805-1 vom 2018-11-01",
"url": "http://www.ubuntu.com/usn/usn-3805-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3608-1 vom 2018-11-03",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183608-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3607-1 vom 2018-11-03",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183607-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4331 vom 2018-11-03",
"url": "https://www.debian.org/security/2018/dsa-4331"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3624-1 vom 2018-11-06",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183624-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3681-1 vom 2018-11-09",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183681-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0339-1 vom 2019-02-13",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190339-1.html"
},
{
"category": "external",
"summary": "Gentoo Security Advisory GLSA 201903-03 vom 2019-03-10",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2019:0996-1 vom 2019-04-24",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190996-1.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:2181 vom 2019-08-06",
"url": "https://access.redhat.com/errata/RHSA-2019:2181"
},
{
"category": "external",
"summary": "Security update for Dell NetWorker",
"url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-071 vom 2025-02-05",
"url": "https://www.dell.com/support/kbdoc/de-de/000281275/dsa-2025-071-security-update-for-dell-avamar-for-multiple-component-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "cURL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-02-04T23:00:00.000+00:00",
"generator": {
"date": "2025-02-05T11:40:19.445+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2023-1641",
"initial_release_date": "2018-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2018-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2018-10-31T23:00:00.000+00:00",
"number": "2",
"summary": "New remediations available"
},
{
"date": "2018-11-04T23:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2018-11-05T23:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2018-11-11T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2018-11-15T23:00:00.000+00:00",
"number": "6",
"summary": "Added references"
},
{
"date": "2019-02-13T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-03-10T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von GENTOO aufgenommen"
},
{
"date": "2019-03-11T23:00:00.000+00:00",
"number": "9",
"summary": "Referenz(en) aufgenommen: GLSA-201903-03"
},
{
"date": "2019-04-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2019-08-06T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-04T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-02-04T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.12",
"product": {
"name": "Dell Avamar \u003c19.12",
"product_id": "T040818"
}
},
{
"category": "product_version",
"name": "19.12",
"product": {
"name": "Dell Avamar 19.12",
"product_id": "T040818-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:19.12"
}
}
}
],
"category": "product_name",
"name": "Avamar"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.9.0.1",
"product": {
"name": "Dell NetWorker \u003c19.9.0.1",
"product_id": "T028404"
}
},
{
"category": "product_version",
"name": "19.9.0.1",
"product": {
"name": "Dell NetWorker 19.9.0.1",
"product_id": "T028404-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.9.0.1"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.62.0",
"product": {
"name": "Open Source cURL \u003c7.62.0",
"product_id": "T013017"
}
},
{
"category": "product_version",
"name": "7.62.0",
"product": {
"name": "Open Source cURL 7.62.0",
"product_id": "T013017-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:curl:curl:7.62.0"
}
}
}
],
"category": "product_name",
"name": "cURL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.62.0",
"product": {
"name": "Open Source libcurl \u003c7.62.0",
"product_id": "T013018"
}
},
{
"category": "product_version",
"name": "7.62.0",
"product": {
"name": "Open Source libcurl 7.62.0",
"product_id": "T013018-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:libcurl:7.62.0"
}
}
}
],
"category": "product_name",
"name": "libcurl"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16839",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in libcurl im SASL-Authentifizierungscode von libcurl aufgrund eines Fehlers bei der L\u00e4ngen\u00fcberpr\u00fcfung in der Funktion \"Curl_auth_create_plain_message\". Ein Angreifer kann diesen Heap-\u00dcberlauf mit nicht spezifizierten Auswirkungen ausnutzen, indem er zu lange Benutzernamen- und Passworteingaben macht. Die betroffene Funktion kann nur bei Verwendung von POP3(S), IMAP(S) oder SMTP(S) aufgerufen werden."
}
],
"product_status": {
"known_affected": [
"T040818",
"2951",
"T002207",
"67646",
"T000126",
"T013017",
"T013018",
"T028404",
"T012167"
]
},
"release_date": "2018-10-30T23:00:00.000+00:00",
"title": "CVE-2018-16839"
},
{
"cve": "CVE-2018-16840",
"notes": [
{
"category": "description",
"text": "Es existiert eine heap use-after-free Schwachstelle in cURL und libcurl in der \"Curl_close()\" Funktion. Ein Angreifer kann dies ausnutzen, um einen Denial of Service zu erstellen oder andere nicht spezifizierte Auswirkungen zu erzielen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"T040818",
"2951",
"T002207",
"67646",
"T000126",
"T013017",
"T013018",
"T028404",
"T012167"
]
},
"release_date": "2018-10-30T23:00:00.000+00:00",
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"notes": [
{
"category": "description",
"text": "Es besteht eine Heap-out-of-buffer-read Schwachstelle in cURL und libcurl aufgrund eines Fehlers in der Wrap-Logik einer generischen Funktion zur Anzeige von Warn- und Informationsmeldungen. Ein Angreifer kann dies ausnutzen, um Informationen offenzulegen oder einen Denial-of-Service Zustand zu erzeugen, wenn Curl in einem Serverkontext verwendet wird."
}
],
"product_status": {
"known_affected": [
"T040818",
"2951",
"T002207",
"67646",
"T000126",
"T013017",
"T013018",
"T028404",
"T012167"
]
},
"release_date": "2018-10-30T23:00:00.000+00:00",
"title": "CVE-2018-16842"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…