opensuse-su-2024:13805-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
curl-8.7.1-1.1 on GA media
Notes
Title of the patch
curl-8.7.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the curl-8.7.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13805
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "curl-8.7.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the curl-8.7.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13805",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13805-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2004 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2379 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2398 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-2466 page",
"url": "https://www.suse.com/security/cve/CVE-2024-2466/"
}
],
"title": "curl-8.7.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13805-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-8.7.1-1.1.aarch64",
"product": {
"name": "curl-8.7.1-1.1.aarch64",
"product_id": "curl-8.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.7.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-8.7.1-1.1.aarch64",
"product_id": "libcurl-devel-8.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.7.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-32bit-8.7.1-1.1.aarch64",
"product_id": "libcurl-devel-32bit-8.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.7.1-1.1.aarch64",
"product": {
"name": "libcurl4-8.7.1-1.1.aarch64",
"product_id": "libcurl4-8.7.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.7.1-1.1.aarch64",
"product": {
"name": "libcurl4-32bit-8.7.1-1.1.aarch64",
"product_id": "libcurl4-32bit-8.7.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.7.1-1.1.ppc64le",
"product": {
"name": "curl-8.7.1-1.1.ppc64le",
"product_id": "curl-8.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.7.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-8.7.1-1.1.ppc64le",
"product_id": "libcurl-devel-8.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"product_id": "libcurl-devel-32bit-8.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-8.7.1-1.1.ppc64le",
"product": {
"name": "libcurl4-8.7.1-1.1.ppc64le",
"product_id": "libcurl4-8.7.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.7.1-1.1.ppc64le",
"product": {
"name": "libcurl4-32bit-8.7.1-1.1.ppc64le",
"product_id": "libcurl4-32bit-8.7.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.7.1-1.1.s390x",
"product": {
"name": "curl-8.7.1-1.1.s390x",
"product_id": "curl-8.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.7.1-1.1.s390x",
"product": {
"name": "libcurl-devel-8.7.1-1.1.s390x",
"product_id": "libcurl-devel-8.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.7.1-1.1.s390x",
"product": {
"name": "libcurl-devel-32bit-8.7.1-1.1.s390x",
"product_id": "libcurl-devel-32bit-8.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-8.7.1-1.1.s390x",
"product": {
"name": "libcurl4-8.7.1-1.1.s390x",
"product_id": "libcurl4-8.7.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.7.1-1.1.s390x",
"product": {
"name": "libcurl4-32bit-8.7.1-1.1.s390x",
"product_id": "libcurl4-32bit-8.7.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-8.7.1-1.1.x86_64",
"product": {
"name": "curl-8.7.1-1.1.x86_64",
"product_id": "curl-8.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-8.7.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-8.7.1-1.1.x86_64",
"product_id": "libcurl-devel-8.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-8.7.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-8.7.1-1.1.x86_64",
"product_id": "libcurl-devel-32bit-8.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-8.7.1-1.1.x86_64",
"product": {
"name": "libcurl4-8.7.1-1.1.x86_64",
"product_id": "libcurl4-8.7.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-8.7.1-1.1.x86_64",
"product": {
"name": "libcurl4-32bit-8.7.1-1.1.x86_64",
"product_id": "libcurl4-32bit-8.7.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64"
},
"product_reference": "curl-8.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le"
},
"product_reference": "curl-8.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.7.1-1.1.s390x"
},
"product_reference": "curl-8.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-8.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64"
},
"product_reference": "curl-8.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-8.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-8.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x"
},
"product_reference": "libcurl-devel-8.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-8.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-8.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-32bit-8.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x"
},
"product_reference": "libcurl-devel-32bit-8.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-8.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-32bit-8.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64"
},
"product_reference": "libcurl4-8.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le"
},
"product_reference": "libcurl4-8.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x"
},
"product_reference": "libcurl4-8.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-8.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
},
"product_reference": "libcurl4-8.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.7.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64"
},
"product_reference": "libcurl4-32bit-8.7.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.7.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le"
},
"product_reference": "libcurl4-32bit-8.7.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.7.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x"
},
"product_reference": "libcurl4-32bit-8.7.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-8.7.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64"
},
"product_reference": "libcurl4-32bit-8.7.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-2004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2004"
}
],
"notes": [
{
"category": "general",
"text": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2004",
"url": "https://www.suse.com/security/cve/CVE-2024-2004"
},
{
"category": "external",
"summary": "SUSE Bug 1221665 for CVE-2024-2004",
"url": "https://bugzilla.suse.com/1221665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2379"
}
],
"notes": [
{
"category": "general",
"text": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2379",
"url": "https://www.suse.com/security/cve/CVE-2024-2379"
},
{
"category": "external",
"summary": "SUSE Bug 1221666 for CVE-2024-2379",
"url": "https://bugzilla.suse.com/1221666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-2379"
},
{
"cve": "CVE-2024-2398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2398"
}
],
"notes": [
{
"category": "general",
"text": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2398",
"url": "https://www.suse.com/security/cve/CVE-2024-2398"
},
{
"category": "external",
"summary": "SUSE Bug 1221667 for CVE-2024-2398",
"url": "https://bugzilla.suse.com/1221667"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-2466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-2466"
}
],
"notes": [
{
"category": "general",
"text": "libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-2466",
"url": "https://www.suse.com/security/cve/CVE-2024-2466"
},
{
"category": "external",
"summary": "SUSE Bug 1221668 for CVE-2024-2466",
"url": "https://bugzilla.suse.com/1221668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:curl-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-8.7.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-8.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-2466"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…