Security update for curl
This update for curl fixes the following issues:
Security issue fixed:
- CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).
With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1015332
VUL-1: CVE-2016-9586: curl: libcurl printf floating point buffer overflow
bnc#1027712
VUL-0: curl: switch to new client side cipher suite default
bnc#1032309
VUL-0: CVE-2017-7407: curl: ourWriteOut function might allow physically proximate attacker to obtain sensitive information
