Overview

File _patchinfo of Package patchinfo.27112

<patchinfo incident="27112">
  <issue tracker="bnc" id="1211339">[Build :27111:curl] openQA test fails in update_minimal</issue>
  <issue tracker="bnc" id="1207992">VUL-0: CVE-2023-23916: curl: HTTP multi-header compression denial of service</issue>
  <issue tracker="bnc" id="1209214">VUL-0: CVE-2023-27538: curl: SSH connection too eager reuse still</issue>
  <issue tracker="bnc" id="1209210">VUL-0: CVE-2023-27534: curl: SFTP path ~ resolving discrepancy</issue>
  <issue tracker="bnc" id="1206309">VUL-0: CVE-2022-43552: curl: HTTP Proxy deny use-after-free</issue>
  <issue tracker="bnc" id="1211232">VUL-0: EMBARGOED: CVE-2023-28321: curl: IDN wildcard match</issue>
  <issue tracker="bnc" id="1209211">VUL-0: CVE-2023-27535: curl: FTP too eager connection reuse</issue>
  <issue tracker="bnc" id="1209212">VUL-0: CVE-2023-27536: curl: GSS delegation too eager connection re-use</issue>
  <issue tracker="bnc" id="1209209">VUL-0: CVE-2023-27533: curl: TELNET option IAC injection</issue>
  <issue tracker="bnc" id="1211233">VUL-0: EMBARGOED: CVE-2023-28322: curl: POST-after-PUT confusion</issue>
  <issue tracker="bnc" id="1211231">VUL-0: EMBARGOED: CVE-2023-28320: curl: siglongjmp race condition</issue>
  <issue tracker="cve" id="2023-27533"/>
  <issue tracker="cve" id="2023-27536"/>
  <issue tracker="cve" id="2022-43552"/>
  <issue tracker="cve" id="2023-27534"/>
  <issue tracker="cve" id="2023-28320"/>
  <issue tracker="cve" id="2023-27535"/>
  <issue tracker="cve" id="2023-27538"/>
  <issue tracker="cve" id="2023-23916"/>
  <issue tracker="cve" id="2023-28321"/>
  <issue tracker="cve" id="2023-28322"/>
  <packager>pmonrealgonzalez</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for curl</summary>
  <description>This update for curl fixes the following issues:

- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places