davix-0.8.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12714-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z davix-0.8.4-1.1 on GA media These are all security issues fixed in the davix-0.8.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12714 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-32221/ SUSE CVE CVE-2022-32221 page openSUSE Tumbleweed davix-0.8.4-1.1 davix-devel-0.8.4-1.1 libdavix0-0.8.4-1.1 davix-0.8.4-1.1 as a component of openSUSE Tumbleweed davix-devel-0.8.4-1.1 as a component of openSUSE Tumbleweed libdavix0-0.8.4-1.1 as a component of openSUSE Tumbleweed When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. CVE-2022-32221 openSUSE Tumbleweed:davix-0.8.4-1.1 openSUSE Tumbleweed:davix-devel-0.8.4-1.1 openSUSE Tumbleweed:libdavix0-0.8.4-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-32221.html CVE-2022-32221 https://bugzilla.suse.com/1204383 SUSE Bug 1204383 https://bugzilla.suse.com/1205287 SUSE Bug 1205287 https://bugzilla.suse.com/1205834 SUSE Bug 1205834 https://bugzilla.suse.com/1206236 SUSE Bug 1206236 https://bugzilla.suse.com/1208340 SUSE Bug 1208340 https://bugzilla.suse.com/1211233 SUSE Bug 1211233