<patchinfo incident="30"> <!-- generated from request(s) 339850 --> <issue tracker="bnc" id="1221665">VUL-0: CVE-2024-2004: curl: Usage of disabled protocol</issue> <issue tracker="bnc" id="1221666">VUL-0: CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL</issue> <issue tracker="bnc" id="1221667">VUL-0: CVE-2024-2398: curl: HTTP/2 push headers memory-leak</issue> <issue tracker="bnc" id="1221668">VUL-0: CVE-2024-2466: curl: TLS certificate check bypass with mbedTLS</issue> <issue tracker="bnc" id="1227888">VUL-0: CVE-2024-6197: curl: freeing stack buffer in utf8asn1str</issue> <issue tracker="bnc" id="1228535">VUL-0: CVE-2024-7264: curl: ASN.1 date parser overread</issue> <issue tracker="cve" id="2024-2004"/> <issue tracker="cve" id="2024-2379"/> <issue tracker="cve" id="2024-2398"/> <issue tracker="cve" id="2024-2466"/> <issue tracker="cve" id="2024-6197"/> <issue tracker="cve" id="2024-7264"/> <packager>pmonrealgonzalez</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for curl</summary> <description>This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666) - CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668) - CVE-2024-2004: Usage of disabled protocol (bsc#1221665) - CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667) Non-security issue fixed: - Fixed various TLS related issues including FTP over SSL transmission timeouts. </description> <package>curl</package> <seperate_build_arch/> </patchinfo>