File _patchinfo of Package patchinfo.4408

<patchinfo incident="4408">
  <issue id="1015332" tracker="bnc">VUL-1: CVE-2016-9586: curl: libcurl printf floating point buffer overflow</issue>
  <issue id="1027712" tracker="bnc">VUL-0: curl: switch to new client side cipher suite default</issue>
  <issue id="1032309" tracker="bnc">VUL-0: CVE-2017-7407: curl: ourWriteOut function might allow physically proximate attacker to obtain sensitive information</issue>
  <issue id="2017-7407" tracker="cve" />
  <issue id="2016-9586" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <name>curl</name>
  <description>
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which led to a heap-based buffer over-read (bsc#1032309).

With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).
</description>
  <summary>Security update for curl</summary>
</patchinfo>