Security update for curl SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3699-1 Final 1 1 2018-11-09T20:10:46Z current 2018-11-09T20:10:46Z 2018-11-09T20:10:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2018-16840: A use after free in closing SASL handles was fixed (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html E-Mail link for openSUSE-SU-2018:3699-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 curl-7.37.0-42.1 libcurl-devel-7.37.0-42.1 libcurl-devel-32bit-7.37.0-42.1 libcurl4-7.37.0-42.1 libcurl4-32bit-7.37.0-42.1 curl-7.37.0-42.1 as a component of openSUSE Leap 42.3 libcurl-devel-7.37.0-42.1 as a component of openSUSE Leap 42.3 libcurl-devel-32bit-7.37.0-42.1 as a component of openSUSE Leap 42.3 libcurl4-7.37.0-42.1 as a component of openSUSE Leap 42.3 libcurl4-32bit-7.37.0-42.1 as a component of openSUSE Leap 42.3 A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. CVE-2018-16840 openSUSE Leap 42.3:curl-7.37.0-42.1 openSUSE Leap 42.3:libcurl-devel-32bit-7.37.0-42.1 openSUSE Leap 42.3:libcurl-devel-7.37.0-42.1 openSUSE Leap 42.3:libcurl4-32bit-7.37.0-42.1 openSUSE Leap 42.3:libcurl4-7.37.0-42.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html https://www.suse.com/security/cve/CVE-2018-16840.html CVE-2018-16840 https://bugzilla.suse.com/1112758 SUSE Bug 1112758 https://bugzilla.suse.com/1113029 SUSE Bug 1113029 https://bugzilla.suse.com/1122464 SUSE Bug 1122464 Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. CVE-2018-16842 openSUSE Leap 42.3:curl-7.37.0-42.1 openSUSE Leap 42.3:libcurl-devel-32bit-7.37.0-42.1 openSUSE Leap 42.3:libcurl-devel-7.37.0-42.1 openSUSE Leap 42.3:libcurl4-32bit-7.37.0-42.1 openSUSE Leap 42.3:libcurl4-7.37.0-42.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00009.html https://www.suse.com/security/cve/CVE-2018-16842.html CVE-2018-16842 https://bugzilla.suse.com/1113660 SUSE Bug 1113660 https://bugzilla.suse.com/1122464 SUSE Bug 1122464