cvelistv5 - cve-2016-0755

CVE-2016-0755 (GCVE-0-2016-0755)

Vulnerability from cvelistv5

Published

2016-01-29 20:00

Modified

2024-08-05 22:30

Severity ?

CWE

Summary

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2016-0755

Vulnerability from fkie_nvd

Published

2016-01-29 20:59

Modified

2025-04-12 10:46

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
secalert@redhat.com	http://curl.haxx.se/docs/adv_20160127A.html	Vendor Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html
secalert@redhat.com	http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
secalert@redhat.com	http://www.debian.org/security/2016/dsa-3455
secalert@redhat.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
secalert@redhat.com	http://www.securityfocus.com/bid/82307
secalert@redhat.com	http://www.securitytracker.com/id/1034882
secalert@redhat.com	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2882-1
secalert@redhat.com	https://security.gentoo.org/glsa/201701-47
secalert@redhat.com	https://support.apple.com/HT207170
af854a3a-2127-422b-91ae-364da2661108	http://curl.haxx.se/docs/adv_20160127A.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3455
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/82307
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034882
af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.519965
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2882-1
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201701-47
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT207170

Impacted products

Vendor	Product	Version
haxx	curl	*
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.04
canonical	ubuntu_linux	15.10
debian	debian_linux	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B94835-9FDC-4EFE-A37D-9BFCEFA12197",
              "versionEndIncluding": "7.46.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ConnectionExists en lib/url.c en libcurl en versiones anteriores a 7.47.0 no reutiliza correctamente las conexiones proxy autenticadas por NTML, lo que podr\u00eda permitir a atacantes remotos autenticarse como otros usuarios a trav\u00e9s de una petici\u00f3n, un problema similar a CVE-2014-0015."
    }
  ],
  "id": "CVE-2016-0755",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-29T20:59:05.653",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20160127A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2016/dsa-3455"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/82307"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1034882"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2882-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201701-47"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://support.apple.com/HT207170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://curl.haxx.se/docs/adv_20160127A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/82307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2882-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201701-47"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/HT207170"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

suse-su-2016:0778-1

Vulnerability from csaf_suse

Published

2016-03-15 17:01

Modified

2016-03-15 17:01

Summary

Security update for sles11sp4-docker-image

Notes

Title of the patch

Security update for sles11sp4-docker-image

Description of the patch

This rebuild for sles11sp4-docker-image fixes several important security issues done in libraries contained inside, for glibc, openssl, curl and openldap2. glibc security fixes: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739) glibc non-security bugfixes: - bsc#930721: Accept leading and trailing spaces in getdate input string - bsc#942317: Recognize power8 platform - bsc#950944: Always enable pointer guard - bsc#956988: Fix deadlock in __dl_iterate_phdr openssl security issues fixed: - CVE-2016-0800 aka the 'DROWN' attack (bsc#968046): OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle. This update changes the openssl library to: * Disable SSLv2 protocol support by default. This can be overridden by setting the environment variable 'OPENSSL_ALLOW_SSL2' or by using SSL_CTX_clear_options using the SSL_OP_NO_SSLv2 flag. Note that various services and clients had already disabled SSL protocol 2 by default previously. * Disable all weak EXPORT ciphers by default. These can be reenabled if required by old legacy software using the environment variable 'OPENSSL_ALLOW_EXPORT'. - CVE-2016-0705 (bnc#968047): A double free() bug in the DSA ASN1 parser code was fixed that could be abused to facilitate a denial-of-service attack. - CVE-2016-0797 (bnc#968048): The BN_hex2bn() and BN_dec2bn() functions had a bug that could result in an attempt to de-reference a NULL pointer leading to crashes. This could have security consequences if these functions were ever called by user applications with large untrusted hex/decimal data. Also, internal usage of these functions in OpenSSL uses data from config files or application command line arguments. If user developed applications generated config file data based on untrusted data, then this could have had security consequences as well. - CVE-2016-0799 (bnc#968374) On many 64 bit systems, the internal fmtstr() and doapr_outch() functions could miscalculate the length of a string and attempt to access out-of-bounds memory locations. These problems could have enabled attacks where large amounts of untrusted data is passed to the BIO_*printf functions. If applications use these functions in this way then they could have been vulnerable. OpenSSL itself uses these functions when printing out human-readable dumps of ASN.1 data. Therefore applications that print this data could have been vulnerable if the data is from untrusted sources. OpenSSL command line applications could also have been vulnerable when they print out ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is not considered directly vulnerable. - CVE-2015-3197 (bsc#963415): The SSLv2 protocol did not block disabled ciphers. Note that the March 1st 2016 release also references following CVEs that were fixed by us with CVE-2015-0293 in 2015: - CVE-2016-0703 (bsc#968051): This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. - CVE-2016-0704 (bsc#968053): 'Bleichenbacher oracle in SSLv2' This issue only affected versions of OpenSSL prior to March 19th 2015 at which time the code was refactored to address vulnerability CVE-2015-0293. It would have made the above 'DROWN' attack much easier. openssl non-security bugs fixed: - Avoid running OPENSSL_config twice. This avoids breaking engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787) curl security issues fixed: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) curl non-security bugs fixed: - bsc#926511: Check for errors on the control connection during FTP transfers openldap2 security issue fixed: - CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).

Patchnames

SUSE-SLE-Module-Containers-12-2016-457

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for sles11sp4-docker-image",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis rebuild for sles11sp4-docker-image fixes several important security issues\ndone in libraries contained inside, for glibc, openssl, curl and openldap2.\n\nglibc security fixes:\n\n- CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721)\n- CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944)\n- CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information (bsc#962736)\n- CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access. leading to application crashes or, potentially, arbitrary code execution (bsc#962737)\n- CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738)\n- CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (bsc#962739)\n\nglibc non-security bugfixes:\n\n- bsc#930721: Accept leading and trailing spaces in getdate input string\n- bsc#942317: Recognize power8 platform \n- bsc#950944: Always enable pointer guard\n- bsc#956988: Fix deadlock in __dl_iterate_phdr\n\nopenssl security issues fixed:\n\n- CVE-2016-0800 aka the \u0027DROWN\u0027 attack (bsc#968046):\n  OpenSSL was vulnerable to a cross-protocol attack that could lead to\n  decryption of TLS sessions by using a server supporting SSLv2 and\n  EXPORT cipher suites as a Bleichenbacher RSA padding oracle.\n\n  This update changes the openssl library to:\n\n  * Disable SSLv2 protocol support by default.\n\n    This can be overridden by setting the environment variable\n    \u0027OPENSSL_ALLOW_SSL2\u0027 or by using SSL_CTX_clear_options using the\n    SSL_OP_NO_SSLv2 flag.\n\n    Note that various services and clients had already disabled SSL\n    protocol 2 by default previously.\n\n  * Disable all weak EXPORT ciphers by default. These can be reenabled\n    if required by old legacy software using the environment variable\n    \u0027OPENSSL_ALLOW_EXPORT\u0027.\n\n- CVE-2016-0705 (bnc#968047):\n  A double free() bug in the DSA ASN1 parser code was fixed that could\n  be abused to facilitate a denial-of-service attack.\n\n- CVE-2016-0797 (bnc#968048):\n  The BN_hex2bn() and BN_dec2bn() functions had a bug that could result\n  in an attempt to de-reference a NULL pointer leading to crashes.\n  This could have security consequences if these functions were ever\n  called by user applications with large untrusted hex/decimal data. Also,\n  internal usage of these functions in OpenSSL uses data from config files\n  or application command line arguments. If user developed applications\n  generated config file data based on untrusted data, then this could\n  have had security consequences as well.\n\n- CVE-2016-0799 (bnc#968374)\n  On many 64 bit systems, the internal fmtstr() and doapr_outch()\n  functions could miscalculate the length of a string and attempt to\n  access out-of-bounds memory locations. These problems could have\n  enabled attacks where large amounts of untrusted data is passed to\n  the BIO_*printf functions. If applications use these functions in\n  this way then they could have been vulnerable. OpenSSL itself uses\n  these functions when printing out human-readable dumps of ASN.1\n  data. Therefore applications that print this data could have been\n  vulnerable if the data is from untrusted sources. OpenSSL command line\n  applications could also have been vulnerable when they print out ASN.1\n  data, or if untrusted data is passed as command line arguments. Libssl\n  is not considered directly vulnerable.\n\n- CVE-2015-3197 (bsc#963415):\n  The SSLv2 protocol did not block disabled ciphers.\n\nNote that the March 1st 2016 release also references following CVEs\nthat were fixed by us with CVE-2015-0293 in 2015:\n\n- CVE-2016-0703 (bsc#968051): This issue only affected versions of\n  OpenSSL prior to March 19th 2015 at which time the code was refactored\n  to address vulnerability CVE-2015-0293. It would have made the above\n  \u0027DROWN\u0027 attack much easier.\n- CVE-2016-0704 (bsc#968053): \u0027Bleichenbacher oracle in SSLv2\u0027\n  This issue only affected versions of OpenSSL prior to March 19th\n  2015 at which time the code was refactored to address vulnerability\n  CVE-2015-0293. It would have made the above \u0027DROWN\u0027 attack much easier.\n\nopenssl non-security bugs fixed:\n\n- Avoid running OPENSSL_config twice. This avoids breaking\n  engine loading and also fixes a memory leak in libssl. (bsc#952871 bsc#967787)\n\n\ncurl security issues fixed:\n\n- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)\n\ncurl non-security bugs fixed:\n- bsc#926511: Check for errors on the control connection during FTP transfers\n\nopenldap2 security issue fixed:\n\n- CVE-2015-6908. Passing a crafted packet to the function  ber_get_next(),\n  an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Containers-12-2016-457",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0778-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0778-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160778-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0778-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-March/001944.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 969591",
        "url": "https://bugzilla.suse.com/969591"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9761 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9761/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3197 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3197/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-6908 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-6908/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-7547 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-7547/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8776 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8776/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8777 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8777/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8778 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8778/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8779 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8779/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0702 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0703 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0703/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0704 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0705 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0755 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0755/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0797 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0797/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0799 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0799/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0800 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0800/"
      }
    ],
    "title": "Security update for sles11sp4-docker-image",
    "tracking": {
      "current_release_date": "2016-03-15T17:01:49Z",
      "generator": {
        "date": "2016-03-15T17:01:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0778-1",
      "initial_release_date": "2016-03-15T17:01:49Z",
      "revision_history": [
        {
          "date": "2016-03-15T17:01:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sles11sp4-docker-image-1.1.1-20160304104123.s390x",
                "product": {
                  "name": "sles11sp4-docker-image-1.1.1-20160304104123.s390x",
                  "product_id": "sles11sp4-docker-image-1.1.1-20160304104123.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sles11sp4-docker-image-1.1.1-20160304104123.x86_64",
                "product": {
                  "name": "sles11sp4-docker-image-1.1.1-20160304104123.x86_64",
                  "product_id": "sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 12",
                  "product_id": "SUSE Linux Enterprise Module for Containers 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sles11sp4-docker-image-1.1.1-20160304104123.s390x as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x"
        },
        "product_reference": "sles11sp4-docker-image-1.1.1-20160304104123.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sles11sp4-docker-image-1.1.1-20160304104123.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
          "product_id": "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        },
        "product_reference": "sles11sp4-docker-image-1.1.1-20160304104123.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9761",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9761"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9761",
          "url": "https://www.suse.com/security/cve/CVE-2014-9761"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123874 for CVE-2014-9761",
          "url": "https://bugzilla.suse.com/1123874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962738 for CVE-2014-9761",
          "url": "https://bugzilla.suse.com/962738"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986086 for CVE-2014-9761",
          "url": "https://bugzilla.suse.com/986086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-9761"
    },
    {
      "cve": "CVE-2015-3197",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3197"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3197",
          "url": "https://www.suse.com/security/cve/CVE-2015-3197"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963410 for CVE-2015-3197",
          "url": "https://bugzilla.suse.com/963410"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963415 for CVE-2015-3197",
          "url": "https://bugzilla.suse.com/963415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2015-3197",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968046 for CVE-2015-3197",
          "url": "https://bugzilla.suse.com/968046"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-3197"
    },
    {
      "cve": "CVE-2015-6908",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-6908"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-6908",
          "url": "https://www.suse.com/security/cve/CVE-2015-6908"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945582 for CVE-2015-6908",
          "url": "https://bugzilla.suse.com/945582"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-6908"
    },
    {
      "cve": "CVE-2015-7547",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-7547"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-7547",
          "url": "https://www.suse.com/security/cve/CVE-2015-7547"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077097 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/1077097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 847227 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/847227"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961721 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/961721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967023 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/967023"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967061 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/967061"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967072 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/967072"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 967496 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/967496"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969216 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/969216"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969241 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/969241"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969591 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/969591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986086 for CVE-2015-7547",
          "url": "https://bugzilla.suse.com/986086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-7547"
    },
    {
      "cve": "CVE-2015-8776",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8776"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8776",
          "url": "https://www.suse.com/security/cve/CVE-2015-8776"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123874 for CVE-2015-8776",
          "url": "https://bugzilla.suse.com/1123874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962736 for CVE-2015-8776",
          "url": "https://bugzilla.suse.com/962736"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986086 for CVE-2015-8776",
          "url": "https://bugzilla.suse.com/986086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8776"
    },
    {
      "cve": "CVE-2015-8777",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8777"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8777",
          "url": "https://www.suse.com/security/cve/CVE-2015-8777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123874 for CVE-2015-8777",
          "url": "https://bugzilla.suse.com/1123874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 950944 for CVE-2015-8777",
          "url": "https://bugzilla.suse.com/950944"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962735 for CVE-2015-8777",
          "url": "https://bugzilla.suse.com/962735"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8777"
    },
    {
      "cve": "CVE-2015-8778",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8778"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8778",
          "url": "https://www.suse.com/security/cve/CVE-2015-8778"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123874 for CVE-2015-8778",
          "url": "https://bugzilla.suse.com/1123874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962737 for CVE-2015-8778",
          "url": "https://bugzilla.suse.com/962737"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986086 for CVE-2015-8778",
          "url": "https://bugzilla.suse.com/986086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-8778"
    },
    {
      "cve": "CVE-2015-8779",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8779"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8779",
          "url": "https://www.suse.com/security/cve/CVE-2015-8779"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123874 for CVE-2015-8779",
          "url": "https://bugzilla.suse.com/1123874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962739 for CVE-2015-8779",
          "url": "https://bugzilla.suse.com/962739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 965453 for CVE-2015-8779",
          "url": "https://bugzilla.suse.com/965453"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986086 for CVE-2015-8779",
          "url": "https://bugzilla.suse.com/986086"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-8779"
    },
    {
      "cve": "CVE-2016-0702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0702",
          "url": "https://www.suse.com/security/cve/CVE-2016-0702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007806 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/1007806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968050 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/968050"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971238 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/971238"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2016-0702",
          "url": "https://bugzilla.suse.com/990370"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0702"
    },
    {
      "cve": "CVE-2016-0703",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0703"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0703",
          "url": "https://www.suse.com/security/cve/CVE-2016-0703"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0703",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968046 for CVE-2016-0703",
          "url": "https://bugzilla.suse.com/968046"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968051 for CVE-2016-0703",
          "url": "https://bugzilla.suse.com/968051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986238 for CVE-2016-0703",
          "url": "https://bugzilla.suse.com/986238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0703"
    },
    {
      "cve": "CVE-2016-0704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0704",
          "url": "https://www.suse.com/security/cve/CVE-2016-0704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0704",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968053 for CVE-2016-0704",
          "url": "https://bugzilla.suse.com/968053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986238 for CVE-2016-0704",
          "url": "https://bugzilla.suse.com/986238"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0704"
    },
    {
      "cve": "CVE-2016-0705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0705",
          "url": "https://www.suse.com/security/cve/CVE-2016-0705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0705",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968047 for CVE-2016-0705",
          "url": "https://bugzilla.suse.com/968047"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971238 for CVE-2016-0705",
          "url": "https://bugzilla.suse.com/971238"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 976341 for CVE-2016-0705",
          "url": "https://bugzilla.suse.com/976341"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-0705"
    },
    {
      "cve": "CVE-2016-0755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0755",
          "url": "https://www.suse.com/security/cve/CVE-2016-0755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962983 for CVE-2016-0755",
          "url": "https://bugzilla.suse.com/962983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0755"
    },
    {
      "cve": "CVE-2016-0797",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0797"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0797",
          "url": "https://www.suse.com/security/cve/CVE-2016-0797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0797",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968048 for CVE-2016-0797",
          "url": "https://bugzilla.suse.com/968048"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2016-0797",
          "url": "https://bugzilla.suse.com/990370"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0797"
    },
    {
      "cve": "CVE-2016-0799",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0799"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0799",
          "url": "https://www.suse.com/security/cve/CVE-2016-0799"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968374 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/968374"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969517 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/969517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 989345 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/989345"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990370 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/990370"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 991722 for CVE-2016-0799",
          "url": "https://bugzilla.suse.com/991722"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-0799"
    },
    {
      "cve": "CVE-2016-0800",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0800"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
          "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0800",
          "url": "https://www.suse.com/security/cve/CVE-2016-0800"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106871 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/1106871"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 961377 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/961377"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968044 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/968044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968046 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/968046"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968888 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/968888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 969591 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/969591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979060 for CVE-2016-0800",
          "url": "https://bugzilla.suse.com/979060"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.s390x",
            "SUSE Linux Enterprise Module for Containers 12:sles11sp4-docker-image-1.1.1-20160304104123.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-03-15T17:01:49Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0800"
    }
  ]
}

suse-su-2016:0347-1

Vulnerability from csaf_suse

Published

2016-02-05 13:51

Modified

2016-02-05 13:51

Summary

Security update for curl

Notes

Title of the patch

Security update for curl

Description of the patch

This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#926511: Check for errors on the control connection during FTP transfers The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures

Patchnames

sdksp3-curl-12385,sdksp4-curl-12385,sledsp3-curl-12385,sledsp4-curl-12385,slessp3-curl-12385,slessp4-curl-12385

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for curl fixes the following issues:\n\n- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)\n\nThe following non-security bugs were fixed:\n\n- bsc#926511: Check for errors on the control connection during FTP transfers\n\nThe following tracked bugs only affect the test suite:\n\n- bsc#962996: Expired cookie in test 46 caused test failures\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp3-curl-12385,sdksp4-curl-12385,sledsp3-curl-12385,sledsp4-curl-12385,slessp3-curl-12385,slessp4-curl-12385",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0347-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0347-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160347-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0347-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001852.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 926511",
        "url": "https://bugzilla.suse.com/926511"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962983",
        "url": "https://bugzilla.suse.com/962983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962996",
        "url": "https://bugzilla.suse.com/962996"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0755 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0755/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2016-02-05T13:51:50Z",
      "generator": {
        "date": "2016-02-05T13:51:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0347-1",
      "initial_release_date": "2016-02-05T13:51:50Z",
      "revision_history": [
        {
          "date": "2016-02-05T13:51:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.19.7-1.46.1.i586",
                "product": {
                  "name": "libcurl-devel-7.19.7-1.46.1.i586",
                  "product_id": "libcurl-devel-7.19.7-1.46.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.19.7-1.46.1.i586",
                "product": {
                  "name": "curl-7.19.7-1.46.1.i586",
                  "product_id": "curl-7.19.7-1.46.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.19.7-1.46.1.i586",
                "product": {
                  "name": "libcurl4-7.19.7-1.46.1.i586",
                  "product_id": "libcurl4-7.19.7-1.46.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.19.7-1.46.1.ia64",
                "product": {
                  "name": "libcurl-devel-7.19.7-1.46.1.ia64",
                  "product_id": "libcurl-devel-7.19.7-1.46.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.19.7-1.46.1.ia64",
                "product": {
                  "name": "curl-7.19.7-1.46.1.ia64",
                  "product_id": "curl-7.19.7-1.46.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.19.7-1.46.1.ia64",
                "product": {
                  "name": "libcurl4-7.19.7-1.46.1.ia64",
                  "product_id": "libcurl4-7.19.7-1.46.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-x86-7.19.7-1.46.1.ia64",
                "product": {
                  "name": "libcurl4-x86-7.19.7-1.46.1.ia64",
                  "product_id": "libcurl4-x86-7.19.7-1.46.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.19.7-1.46.1.ppc64",
                "product": {
                  "name": "libcurl-devel-7.19.7-1.46.1.ppc64",
                  "product_id": "libcurl-devel-7.19.7-1.46.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.19.7-1.46.1.ppc64",
                "product": {
                  "name": "curl-7.19.7-1.46.1.ppc64",
                  "product_id": "curl-7.19.7-1.46.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.19.7-1.46.1.ppc64",
                "product": {
                  "name": "libcurl4-7.19.7-1.46.1.ppc64",
                  "product_id": "libcurl4-7.19.7-1.46.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
                "product": {
                  "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
                  "product_id": "libcurl4-32bit-7.19.7-1.46.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.19.7-1.46.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.19.7-1.46.1.s390x",
                  "product_id": "libcurl-devel-7.19.7-1.46.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.19.7-1.46.1.s390x",
                "product": {
                  "name": "curl-7.19.7-1.46.1.s390x",
                  "product_id": "curl-7.19.7-1.46.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.19.7-1.46.1.s390x",
                "product": {
                  "name": "libcurl4-7.19.7-1.46.1.s390x",
                  "product_id": "libcurl4-7.19.7-1.46.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.19.7-1.46.1.s390x",
                "product": {
                  "name": "libcurl4-32bit-7.19.7-1.46.1.s390x",
                  "product_id": "libcurl4-32bit-7.19.7-1.46.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.19.7-1.46.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.19.7-1.46.1.x86_64",
                  "product_id": "libcurl-devel-7.19.7-1.46.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.19.7-1.46.1.x86_64",
                "product": {
                  "name": "curl-7.19.7-1.46.1.x86_64",
                  "product_id": "curl-7.19.7-1.46.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.19.7-1.46.1.x86_64",
                "product": {
                  "name": "libcurl4-7.19.7-1.46.1.x86_64",
                  "product_id": "libcurl4-7.19.7-1.46.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
                  "product_id": "libcurl4-32bit-7.19.7-1.46.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 11 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sled:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 11 SP4",
                  "product_id": "SUSE Linux Enterprise Desktop 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sled:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:sp3:teradata"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Desktop 11 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Desktop 11 SP4",
          "product_id": "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ia64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.s390x"
        },
        "product_reference": "curl-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-x86-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3",
          "product_id": "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-x86-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ia64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.s390x"
        },
        "product_reference": "curl-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-x86-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-x86-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ia64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.s390x"
        },
        "product_reference": "curl-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-x86-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-x86-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ia64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.s390x"
        },
        "product_reference": "curl-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-x86-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-x86-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.i586"
        },
        "product_reference": "curl-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ia64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "curl-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.s390x"
        },
        "product_reference": "curl-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "curl-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.i586"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.19.7-1.46.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.19.7-1.46.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-x86-7.19.7-1.46.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64"
        },
        "product_reference": "libcurl4-x86-7.19.7-1.46.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-0755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0755",
          "url": "https://www.suse.com/security/cve/CVE-2016-0755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962983 for CVE-2016-0755",
          "url": "https://bugzilla.suse.com/962983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Desktop 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP3:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:curl-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-32bit-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libcurl4-x86-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP3:libcurl-devel-7.19.7-1.46.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libcurl-devel-7.19.7-1.46.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-02-05T13:51:50Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0755"
    }
  ]
}

suse-su-2016:0340-1

Vulnerability from csaf_suse

Published

2016-02-04 14:51

Modified

2016-02-04 14:51

Summary

Security update for curl

Notes

Title of the patch

Security update for curl

Description of the patch

This update for curl fixes the following issues: - CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983) The following non-security bugs were fixed: - bsc#936676: secure_getenv or __secure_getenv may not be detected correctly at build time The following tracked bugs only affect the test suite: - bsc#962996: Expired cookie in test 46 caused test failures - bsc#934333: Curl test suite was not run, is now enabled during build

Patchnames

SUSE-SLE-DESKTOP-12-2016-201,SUSE-SLE-DESKTOP-12-SP1-2016-201,SUSE-SLE-SDK-12-2016-201,SUSE-SLE-SDK-12-SP1-2016-201,SUSE-SLE-SERVER-12-2016-201,SUSE-SLE-SERVER-12-SP1-2016-201

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for curl fixes the following issues:\n\n- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)\n\nThe following non-security bugs were fixed:\n\n- bsc#936676: secure_getenv or __secure_getenv may not be detected correctly at build time\n\nThe following tracked bugs only affect the test suite:\n\n- bsc#962996: Expired cookie in test 46 caused test failures\n- bsc#934333: Curl test suite was not run, is now enabled during build\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-2016-201,SUSE-SLE-DESKTOP-12-SP1-2016-201,SUSE-SLE-SDK-12-2016-201,SUSE-SLE-SDK-12-SP1-2016-201,SUSE-SLE-SERVER-12-2016-201,SUSE-SLE-SERVER-12-SP1-2016-201",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0340-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:0340-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20160340-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:0340-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-February/001848.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 934333",
        "url": "https://bugzilla.suse.com/934333"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 936676",
        "url": "https://bugzilla.suse.com/936676"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962983",
        "url": "https://bugzilla.suse.com/962983"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 962996",
        "url": "https://bugzilla.suse.com/962996"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0755 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0755/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2016-02-04T14:51:34Z",
      "generator": {
        "date": "2016-02-04T14:51:34Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:0340-1",
      "initial_release_date": "2016-02-04T14:51:34Z",
      "revision_history": [
        {
          "date": "2016-02-04T14:51:34Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.37.0-18.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.37.0-18.1.ppc64le",
                  "product_id": "libcurl-devel-7.37.0-18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.37.0-18.1.ppc64le",
                "product": {
                  "name": "curl-7.37.0-18.1.ppc64le",
                  "product_id": "curl-7.37.0-18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.37.0-18.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.37.0-18.1.ppc64le",
                  "product_id": "libcurl4-7.37.0-18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-7.37.0-18.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.37.0-18.1.s390x",
                  "product_id": "libcurl-devel-7.37.0-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "curl-7.37.0-18.1.s390x",
                "product": {
                  "name": "curl-7.37.0-18.1.s390x",
                  "product_id": "curl-7.37.0-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.37.0-18.1.s390x",
                "product": {
                  "name": "libcurl4-7.37.0-18.1.s390x",
                  "product_id": "libcurl4-7.37.0-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.37.0-18.1.s390x",
                "product": {
                  "name": "libcurl4-32bit-7.37.0-18.1.s390x",
                  "product_id": "libcurl4-32bit-7.37.0-18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.37.0-18.1.x86_64",
                "product": {
                  "name": "curl-7.37.0-18.1.x86_64",
                  "product_id": "curl-7.37.0-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.37.0-18.1.x86_64",
                "product": {
                  "name": "libcurl4-7.37.0-18.1.x86_64",
                  "product_id": "libcurl4-7.37.0-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.37.0-18.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.37.0-18.1.x86_64",
                  "product_id": "libcurl4-32bit-7.37.0-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.37.0-18.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.37.0-18.1.x86_64",
                  "product_id": "libcurl-devel-7.37.0-18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12",
                  "product_id": "SUSE Linux Enterprise Desktop 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12",
                  "product_id": "SUSE Linux Enterprise Server 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP1",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.ppc64le"
        },
        "product_reference": "curl-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.s390x"
        },
        "product_reference": "curl-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl4-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.ppc64le"
        },
        "product_reference": "curl-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.s390x"
        },
        "product_reference": "curl-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl4-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.ppc64le"
        },
        "product_reference": "curl-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.s390x"
        },
        "product_reference": "curl-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl4-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.ppc64le"
        },
        "product_reference": "curl-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.s390x"
        },
        "product_reference": "curl-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.x86_64"
        },
        "product_reference": "curl-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.ppc64le"
        },
        "product_reference": "libcurl4-7.37.0-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.37.0-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.37.0-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-0755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0755",
          "url": "https://www.suse.com/security/cve/CVE-2016-0755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962983 for CVE-2016-0755",
          "url": "https://bugzilla.suse.com/962983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP1:libcurl-devel-7.37.0-18.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-02-04T14:51:34Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0755"
    }
  ]
}

ghsa-ff7q-9j5g-56pg

Vulnerability from github

Published

2022-05-14 02:21

Modified

2022-05-14 02:21

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-01-29T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
  "id": "GHSA-ff7q-9j5g-56pg",
  "modified": "2022-05-14T02:21:19Z",
  "published": "2022-05-14T02:21:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0755"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201701-47"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207170"
    },
    {
      "type": "WEB",
      "url": "http://curl.haxx.se/docs/adv_20160127A.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3455"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/82307"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034882"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2882-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

opensuse-su-2024:10303-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

curl-7.51.0-1.1 on GA media

Notes

Title of the patch

curl-7.51.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the curl-7.51.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10303

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "curl-7.51.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the curl-7.51.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10303",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10303-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-0037 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-0037/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-2417 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-2417/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-0249 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-0249/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-1944 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-1944/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-2174 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-2174/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-4545 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-4545/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-0015 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-0015/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-0138 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-0138/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-0139 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-0139/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3613 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3613/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3620 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3620/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8150 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8150/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3143 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3143/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3144 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3144/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3145 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3145/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3148 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3148/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3153 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3153/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3236 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3236/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3237 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3237/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0755 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0755/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7167 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7167/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8615 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8615/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8616 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8617 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8617/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8618 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8618/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8619 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8619/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8620 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8620/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8621 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8621/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8622 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8622/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8623 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8623/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8624 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8624/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-8625 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-8625/"
      }
    ],
    "title": "curl-7.51.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10303-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.51.0-1.1.aarch64",
                "product": {
                  "name": "curl-7.51.0-1.1.aarch64",
                  "product_id": "curl-7.51.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.51.0-1.1.aarch64",
                "product": {
                  "name": "libcurl-devel-7.51.0-1.1.aarch64",
                  "product_id": "libcurl-devel-7.51.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64",
                "product": {
                  "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64",
                  "product_id": "libcurl-devel-32bit-7.51.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.51.0-1.1.aarch64",
                "product": {
                  "name": "libcurl4-7.51.0-1.1.aarch64",
                  "product_id": "libcurl4-7.51.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.51.0-1.1.aarch64",
                "product": {
                  "name": "libcurl4-32bit-7.51.0-1.1.aarch64",
                  "product_id": "libcurl4-32bit-7.51.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.51.0-1.1.ppc64le",
                "product": {
                  "name": "curl-7.51.0-1.1.ppc64le",
                  "product_id": "curl-7.51.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.51.0-1.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-7.51.0-1.1.ppc64le",
                  "product_id": "libcurl-devel-7.51.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le",
                "product": {
                  "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le",
                  "product_id": "libcurl-devel-32bit-7.51.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.51.0-1.1.ppc64le",
                "product": {
                  "name": "libcurl4-7.51.0-1.1.ppc64le",
                  "product_id": "libcurl4-7.51.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.51.0-1.1.ppc64le",
                "product": {
                  "name": "libcurl4-32bit-7.51.0-1.1.ppc64le",
                  "product_id": "libcurl4-32bit-7.51.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.51.0-1.1.s390x",
                "product": {
                  "name": "curl-7.51.0-1.1.s390x",
                  "product_id": "curl-7.51.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.51.0-1.1.s390x",
                "product": {
                  "name": "libcurl-devel-7.51.0-1.1.s390x",
                  "product_id": "libcurl-devel-7.51.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.51.0-1.1.s390x",
                "product": {
                  "name": "libcurl-devel-32bit-7.51.0-1.1.s390x",
                  "product_id": "libcurl-devel-32bit-7.51.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.51.0-1.1.s390x",
                "product": {
                  "name": "libcurl4-7.51.0-1.1.s390x",
                  "product_id": "libcurl4-7.51.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.51.0-1.1.s390x",
                "product": {
                  "name": "libcurl4-32bit-7.51.0-1.1.s390x",
                  "product_id": "libcurl4-32bit-7.51.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-7.51.0-1.1.x86_64",
                "product": {
                  "name": "curl-7.51.0-1.1.x86_64",
                  "product_id": "curl-7.51.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-7.51.0-1.1.x86_64",
                "product": {
                  "name": "libcurl-devel-7.51.0-1.1.x86_64",
                  "product_id": "libcurl-devel-7.51.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64",
                "product": {
                  "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64",
                  "product_id": "libcurl-devel-32bit-7.51.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-7.51.0-1.1.x86_64",
                "product": {
                  "name": "libcurl4-7.51.0-1.1.x86_64",
                  "product_id": "libcurl4-7.51.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-32bit-7.51.0-1.1.x86_64",
                "product": {
                  "name": "libcurl4-32bit-7.51.0-1.1.x86_64",
                  "product_id": "libcurl4-32bit-7.51.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64"
        },
        "product_reference": "curl-7.51.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le"
        },
        "product_reference": "curl-7.51.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.51.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x"
        },
        "product_reference": "curl-7.51.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64"
        },
        "product_reference": "curl-7.51.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64"
        },
        "product_reference": "libcurl-devel-7.51.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le"
        },
        "product_reference": "libcurl-devel-7.51.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.51.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x"
        },
        "product_reference": "libcurl-devel-7.51.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64"
        },
        "product_reference": "libcurl-devel-7.51.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64"
        },
        "product_reference": "libcurl-devel-32bit-7.51.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le"
        },
        "product_reference": "libcurl-devel-32bit-7.51.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x"
        },
        "product_reference": "libcurl-devel-32bit-7.51.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64"
        },
        "product_reference": "libcurl-devel-32bit-7.51.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64"
        },
        "product_reference": "libcurl4-7.51.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le"
        },
        "product_reference": "libcurl4-7.51.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.51.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x"
        },
        "product_reference": "libcurl4-7.51.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        },
        "product_reference": "libcurl4-7.51.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64"
        },
        "product_reference": "libcurl4-32bit-7.51.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le"
        },
        "product_reference": "libcurl4-32bit-7.51.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x"
        },
        "product_reference": "libcurl4-32bit-7.51.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64"
        },
        "product_reference": "libcurl4-32bit-7.51.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-0037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-0037",
          "url": "https://www.suse.com/security/cve/CVE-2009-0037"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 475103 for CVE-2009-0037",
          "url": "https://bugzilla.suse.com/475103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 527990 for CVE-2009-0037",
          "url": "https://bugzilla.suse.com/527990"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2009-0037"
    },
    {
      "cve": "CVE-2009-2417",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-2417"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-2417",
          "url": "https://www.suse.com/security/cve/CVE-2009-2417"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 527990 for CVE-2009-2417",
          "url": "https://bugzilla.suse.com/527990"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 528372 for CVE-2009-2417",
          "url": "https://bugzilla.suse.com/528372"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2009-2417"
    },
    {
      "cve": "CVE-2013-0249",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-0249"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-0249",
          "url": "https://www.suse.com/security/cve/CVE-2013-0249"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 802411 for CVE-2013-0249",
          "url": "https://bugzilla.suse.com/802411"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2013-0249"
    },
    {
      "cve": "CVE-2013-1944",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-1944"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-1944",
          "url": "https://www.suse.com/security/cve/CVE-2013-1944"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 814655 for CVE-2013-1944",
          "url": "https://bugzilla.suse.com/814655"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2013-1944"
    },
    {
      "cve": "CVE-2013-2174",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-2174"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-2174",
          "url": "https://www.suse.com/security/cve/CVE-2013-2174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 824517 for CVE-2013-2174",
          "url": "https://bugzilla.suse.com/824517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 917692 for CVE-2013-2174",
          "url": "https://bugzilla.suse.com/917692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-2174"
    },
    {
      "cve": "CVE-2013-4545",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-4545"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-4545",
          "url": "https://www.suse.com/security/cve/CVE-2013-4545"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 849596 for CVE-2013-4545",
          "url": "https://bugzilla.suse.com/849596"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 870444 for CVE-2013-4545",
          "url": "https://bugzilla.suse.com/870444"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880252 for CVE-2013-4545",
          "url": "https://bugzilla.suse.com/880252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 882520 for CVE-2013-4545",
          "url": "https://bugzilla.suse.com/882520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 924250 for CVE-2013-4545",
          "url": "https://bugzilla.suse.com/924250"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-4545"
    },
    {
      "cve": "CVE-2014-0015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-0015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-0015",
          "url": "https://www.suse.com/security/cve/CVE-2014-0015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 858673 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/858673"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 868627 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/868627"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880252 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/880252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 882520 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/882520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927556 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/927556"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962983 for CVE-2014-0015",
          "url": "https://bugzilla.suse.com/962983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2014-0015"
    },
    {
      "cve": "CVE-2014-0138",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-0138"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-0138",
          "url": "https://www.suse.com/security/cve/CVE-2014-0138"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 868627 for CVE-2014-0138",
          "url": "https://bugzilla.suse.com/868627"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880252 for CVE-2014-0138",
          "url": "https://bugzilla.suse.com/880252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 882520 for CVE-2014-0138",
          "url": "https://bugzilla.suse.com/882520"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-0138"
    },
    {
      "cve": "CVE-2014-0139",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-0139"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject\u0027s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-0139",
          "url": "https://www.suse.com/security/cve/CVE-2014-0139"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 868629 for CVE-2014-0139",
          "url": "https://bugzilla.suse.com/868629"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 880252 for CVE-2014-0139",
          "url": "https://bugzilla.suse.com/880252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 882520 for CVE-2014-0139",
          "url": "https://bugzilla.suse.com/882520"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-0139"
    },
    {
      "cve": "CVE-2014-3613",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3613"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3613",
          "url": "https://www.suse.com/security/cve/CVE-2014-3613"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 894575 for CVE-2014-3613",
          "url": "https://bugzilla.suse.com/894575"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-3613"
    },
    {
      "cve": "CVE-2014-3620",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3620"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3620",
          "url": "https://www.suse.com/security/cve/CVE-2014-3620"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199221 for CVE-2014-3620",
          "url": "https://bugzilla.suse.com/1199221"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 894575 for CVE-2014-3620",
          "url": "https://bugzilla.suse.com/894575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 895991 for CVE-2014-3620",
          "url": "https://bugzilla.suse.com/895991"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-3620"
    },
    {
      "cve": "CVE-2014-8150",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8150"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8150",
          "url": "https://www.suse.com/security/cve/CVE-2014-8150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 911363 for CVE-2014-8150",
          "url": "https://bugzilla.suse.com/911363"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 951391 for CVE-2014-8150",
          "url": "https://bugzilla.suse.com/951391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-8150"
    },
    {
      "cve": "CVE-2015-3143",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3143"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3143",
          "url": "https://www.suse.com/security/cve/CVE-2015-3143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927556 for CVE-2015-3143",
          "url": "https://bugzilla.suse.com/927556"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3143"
    },
    {
      "cve": "CVE-2015-3144",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3144"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3144",
          "url": "https://www.suse.com/security/cve/CVE-2015-3144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927608 for CVE-2015-3144",
          "url": "https://bugzilla.suse.com/927608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 951391 for CVE-2015-3144",
          "url": "https://bugzilla.suse.com/951391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-3144"
    },
    {
      "cve": "CVE-2015-3145",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3145"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3145",
          "url": "https://www.suse.com/security/cve/CVE-2015-3145"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927607 for CVE-2015-3145",
          "url": "https://bugzilla.suse.com/927607"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-3145"
    },
    {
      "cve": "CVE-2015-3148",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3148"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3148",
          "url": "https://www.suse.com/security/cve/CVE-2015-3148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092962 for CVE-2015-3148",
          "url": "https://bugzilla.suse.com/1092962"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927746 for CVE-2015-3148",
          "url": "https://bugzilla.suse.com/927746"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3148"
    },
    {
      "cve": "CVE-2015-3153",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3153"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3153",
          "url": "https://www.suse.com/security/cve/CVE-2015-3153"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 928533 for CVE-2015-3153",
          "url": "https://bugzilla.suse.com/928533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 951391 for CVE-2015-3153",
          "url": "https://bugzilla.suse.com/951391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3153"
    },
    {
      "cve": "CVE-2015-3236",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3236"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3236",
          "url": "https://www.suse.com/security/cve/CVE-2015-3236"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 934501 for CVE-2015-3236",
          "url": "https://bugzilla.suse.com/934501"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 951391 for CVE-2015-3236",
          "url": "https://bugzilla.suse.com/951391"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3236"
    },
    {
      "cve": "CVE-2015-3237",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3237"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3237",
          "url": "https://www.suse.com/security/cve/CVE-2015-3237"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 934502 for CVE-2015-3237",
          "url": "https://bugzilla.suse.com/934502"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3237"
    },
    {
      "cve": "CVE-2016-0755",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0755"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0755",
          "url": "https://www.suse.com/security/cve/CVE-2016-0755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 962983 for CVE-2016-0755",
          "url": "https://bugzilla.suse.com/962983"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-0755"
    },
    {
      "cve": "CVE-2016-7167",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7167"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7167",
          "url": "https://www.suse.com/security/cve/CVE-2016-7167"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 998760 for CVE-2016-7167",
          "url": "https://bugzilla.suse.com/998760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7167"
    },
    {
      "cve": "CVE-2016-8615",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8615"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8615",
          "url": "https://www.suse.com/security/cve/CVE-2016-8615"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005633 for CVE-2016-8615",
          "url": "https://bugzilla.suse.com/1005633"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8615"
    },
    {
      "cve": "CVE-2016-8616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8616",
          "url": "https://www.suse.com/security/cve/CVE-2016-8616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005634 for CVE-2016-8616",
          "url": "https://bugzilla.suse.com/1005634"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8616"
    },
    {
      "cve": "CVE-2016-8617",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8617"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8617",
          "url": "https://www.suse.com/security/cve/CVE-2016-8617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005635 for CVE-2016-8617",
          "url": "https://bugzilla.suse.com/1005635"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8617"
    },
    {
      "cve": "CVE-2016-8618",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8618"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8618",
          "url": "https://www.suse.com/security/cve/CVE-2016-8618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005637 for CVE-2016-8618",
          "url": "https://bugzilla.suse.com/1005637"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8618"
    },
    {
      "cve": "CVE-2016-8619",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8619"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8619",
          "url": "https://www.suse.com/security/cve/CVE-2016-8619"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005638 for CVE-2016-8619",
          "url": "https://bugzilla.suse.com/1005638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8619"
    },
    {
      "cve": "CVE-2016-8620",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8620"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The \u0027globbing\u0027 feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8620",
          "url": "https://www.suse.com/security/cve/CVE-2016-8620"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005640 for CVE-2016-8620",
          "url": "https://bugzilla.suse.com/1005640"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8620"
    },
    {
      "cve": "CVE-2016-8621",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8621"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8621",
          "url": "https://www.suse.com/security/cve/CVE-2016-8621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005642 for CVE-2016-8621",
          "url": "https://bugzilla.suse.com/1005642"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8621"
    },
    {
      "cve": "CVE-2016-8622",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8622"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8622",
          "url": "https://www.suse.com/security/cve/CVE-2016-8622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005643 for CVE-2016-8622",
          "url": "https://bugzilla.suse.com/1005643"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8622"
    },
    {
      "cve": "CVE-2016-8623",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8623"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8623",
          "url": "https://www.suse.com/security/cve/CVE-2016-8623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005645 for CVE-2016-8623",
          "url": "https://bugzilla.suse.com/1005645"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8623"
    },
    {
      "cve": "CVE-2016-8624",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8624"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl before version 7.51.0 doesn\u0027t parse the authority component of the URL correctly when the host name part ends with a \u0027#\u0027 character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8624",
          "url": "https://www.suse.com/security/cve/CVE-2016-8624"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005646 for CVE-2016-8624",
          "url": "https://bugzilla.suse.com/1005646"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-8624"
    },
    {
      "cve": "CVE-2016-8625",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-8625"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
          "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-8625",
          "url": "https://www.suse.com/security/cve/CVE-2016-8625"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1005649 for CVE-2016-8625",
          "url": "https://bugzilla.suse.com/1005649"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x",
            "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-8625"
    }
  ]
}

gsd-2016-0755

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-0755

Aliases

CVE-2016-0755

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0755",
    "description": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
    "id": "GSD-2016-0755",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-0755.html",
      "https://www.debian.org/security/2016/dsa-3455",
      "https://ubuntu.com/security/CVE-2016-0755",
      "https://advisories.mageia.org/CVE-2016-0755.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-0755.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0755"
      ],
      "details": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.",
      "id": "GSD-2016-0755",
      "modified": "2023-12-13T01:21:17.203975Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-0755",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2016-57bebab3b6",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html"
          },
          {
            "name": "openSUSE-SU-2016:0360",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html"
          },
          {
            "name": "FEDORA-2016-3fa315a5dd",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html"
          },
          {
            "name": "APPLE-SA-2016-09-20",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
          },
          {
            "name": "http://curl.haxx.se/docs/adv_20160127A.html",
            "refsource": "CONFIRM",
            "url": "http://curl.haxx.se/docs/adv_20160127A.html"
          },
          {
            "name": "SSA:2016-039-01",
            "refsource": "SLACKWARE",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965"
          },
          {
            "name": "DSA-3455",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3455"
          },
          {
            "name": "openSUSE-SU-2016:0376",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "82307",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/82307"
          },
          {
            "name": "https://support.apple.com/HT207170",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT207170"
          },
          {
            "name": "openSUSE-SU-2016:0373",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html"
          },
          {
            "name": "1034882",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034882"
          },
          {
            "name": "FEDORA-2016-5a141de5d9",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html"
          },
          {
            "name": "USN-2882-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2882-1"
          },
          {
            "name": "GLSA-201701-47",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201701-47"
          },
          {
            "name": "FEDORA-2016-55137a3adb",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.46.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0755"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2882-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2882-1"
            },
            {
              "name": "DSA-3455",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2016/dsa-3455"
            },
            {
              "name": "http://curl.haxx.se/docs/adv_20160127A.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://curl.haxx.se/docs/adv_20160127A.html"
            },
            {
              "name": "https://support.apple.com/HT207170",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/HT207170"
            },
            {
              "name": "APPLE-SA-2016-09-20",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
            },
            {
              "name": "82307",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/82307"
            },
            {
              "name": "openSUSE-SU-2016:0360",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html"
            },
            {
              "name": "SSA:2016-039-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.519965"
            },
            {
              "name": "openSUSE-SU-2016:0376",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00047.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/135695/Slackware-Security-Advisory-curl-Updates.html"
            },
            {
              "name": "openSUSE-SU-2016:0373",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00044.html"
            },
            {
              "name": "FEDORA-2016-55137a3adb",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html"
            },
            {
              "name": "FEDORA-2016-5a141de5d9",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html"
            },
            {
              "name": "FEDORA-2016-3fa315a5dd",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html"
            },
            {
              "name": "FEDORA-2016-57bebab3b6",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html"
            },
            {
              "name": "1034882",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034882"
            },
            {
              "name": "GLSA-201701-47",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201701-47"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2018-10-17T01:29Z",
      "publishedDate": "2016-01-29T20:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-0755 (GCVE-0-2016-0755)

Vulnerability from cvelistv5

fkie_cve-2016-0755

Vulnerability from fkie_nvd

suse-su-2016:0778-1

Vulnerability from csaf_suse

suse-su-2016:0347-1

Vulnerability from csaf_suse

suse-su-2016:0340-1

Vulnerability from csaf_suse

ghsa-ff7q-9j5g-56pg

Vulnerability from github

opensuse-su-2024:10303-1

Vulnerability from csaf_opensuse

gsd-2016-0755

Vulnerability from gsd

Tags

Sightings

Nomenclature