File _patchinfo of Package patchinfo.25399
<patchinfo incident="25399">
<issue tracker="bnc" id="1199223">VUL-0: CVE-2022-27781: curl: CERTINFO never-ending busy-loop (4/6)</issue>
<issue tracker="bnc" id="1199224">VUL-0: CVE-2022-27782: curl: TLS and SSH connection too eager reuse (5/6)</issue>
<issue tracker="bnc" id="1200735">VUL-0: CVE-2022-32206: curl: HTTP compression denial of service</issue>
<issue tracker="bnc" id="1200737">VUL-0: CVE-2022-32208: curl: FTP-KRB bad message verification</issue>
<issue tracker="cve" id="2022-27781"/>
<issue tracker="cve" id="2022-27782"/>
<issue tracker="cve" id="2022-32206"/>
<issue tracker="cve" id="2022-32208"/>
<packager>david.anes</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for curl</summary>
<description>This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl would get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
</description>
</patchinfo>