36 lines
1.7 KiB
Plaintext
36 lines
1.7 KiB
Plaintext
<patchinfo incident="30">
|
|
<!-- generated from request(s) 339850 -->
|
|
<issue tracker="bnc" id="1221665">VUL-0: CVE-2024-2004: curl: Usage of disabled protocol</issue>
|
|
<issue tracker="bnc" id="1221666">VUL-0: CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL</issue>
|
|
<issue tracker="bnc" id="1221667">VUL-0: CVE-2024-2398: curl: HTTP/2 push headers memory-leak</issue>
|
|
<issue tracker="bnc" id="1221668">VUL-0: CVE-2024-2466: curl: TLS certificate check bypass with mbedTLS</issue>
|
|
<issue tracker="bnc" id="1227888">VUL-0: CVE-2024-6197: curl: freeing stack buffer in utf8asn1str</issue>
|
|
<issue tracker="bnc" id="1228535">VUL-0: CVE-2024-7264: curl: ASN.1 date parser overread</issue>
|
|
<issue tracker="cve" id="2024-2004"/>
|
|
<issue tracker="cve" id="2024-2379"/>
|
|
<issue tracker="cve" id="2024-2398"/>
|
|
<issue tracker="cve" id="2024-2466"/>
|
|
<issue tracker="cve" id="2024-6197"/>
|
|
<issue tracker="cve" id="2024-7264"/>
|
|
<packager>pmonrealgonzalez</packager>
|
|
<rating>moderate</rating>
|
|
<category>security</category>
|
|
<summary>Security update for curl</summary>
|
|
<description>This update for curl fixes the following issues:
|
|
|
|
Security issues fixed:
|
|
|
|
- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
|
|
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
|
|
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
|
|
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
|
|
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
|
|
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)
|
|
|
|
Non-security issue fixed:
|
|
|
|
- Fixed various TLS related issues including FTP over SSL transmission timeouts.
|
|
</description>
|
|
<package>curl</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |