SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2629-1
Rating:             moderate
References:         #1084521 #1101811 #1106019 
Cross-References:   CVE-2018-1000120 CVE-2018-14618
Affected Products:
                    SUSE Studio Onsite 1.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   This update for curl fixes the following security issues:

   - CVE-2018-1000120: Prevent buffer overflow in the FTP URL handling that
     allowed an attacker to cause a denial of service (bsc#1084521).
   - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code
     (bsc#1106019)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Studio Onsite 1.3:

      zypper in -t patch slestso13-curl-13769=1



Package List:

   - SUSE Studio Onsite 1.3 (x86_64):

      libcurl-devel-7.19.7-1.20.53.16.1


References:

   https://www.suse.com/security/cve/CVE-2018-1000120.html
   https://www.suse.com/security/cve/CVE-2018-14618.html
   https://bugzilla.suse.com/1084521
   https://bugzilla.suse.com/1101811
   https://bugzilla.suse.com/1106019

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates