Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for curl

This update for curl fixes the following security issues:

- CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646)
- CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645)
- CVE-2016-8622: URL unescape heap overflow via integer truncation (bsc#1005643)
- CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642)
- CVE-2016-8620: glob parser write/read out of bounds (bsc#1005640)
- CVE-2016-8619: double-free in krb5 code (bsc#1005638)
- CVE-2016-8618: double-free in curl_maprintf (bsc#1005637)
- CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635)
- CVE-2016-8616: case insensitive password comparison (bsc#1005634)
- CVE-2016-8615: cookie injection for other servers (bsc#1005633)
- CVE-2016-7167: escape and unescape integer overflows (bsc#998760)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1005646
VUL-0: CVE-2016-8624: curl: invalid URL parsing with '#'
bnc#1005645
VUL-0: CVE-2016-8623: curl: Use-after-free via shared cookies
bnc#1005643
VUL-0: CVE-2016-8622: curl: URL unescape heap overflow via integer truncation
bnc#1005642
VUL-0: CVE-2016-8621: curl: curl_getdate read out of bounds
bnc#1005640
VUL-0: CVE-2016-8620: curl: glob parser write/read out of bounds
bnc#1005633
VUL-0: CVE-2016-8615: curl: cookie injection for other servers
bnc#998760
VUL-1: CVE-2016-7167: curl: escape and unescape integer overflows
bnc#1005634
VUL-1: CVE-2016-8616: curl: case insensitive password comparison
bnc#1005635
VUL-0: CVE-2016-8617: curl: OOB write via unchecked multiplication
bnc#1005638
VUL-0: CVE-2016-8619: curl: double-free in krb5 code
bnc#1005637
VUL-0: CVE-2016-8618: curl: double-free in curl_maprintf
CVE-2016-8618
CVE-2016-8619
CVE-2016-7167
CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8621
CVE-2016-8620
CVE-2016-8623
CVE-2016-8622
CVE-2016-8624
Selected Binaries
openSUSE Build Service is sponsored by
Places