curl-8.10.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14333-1 Final 1 1 2024-09-12T00:00:00Z current 2024-09-12T00:00:00Z 2024-09-12T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z curl-8.10.0-1.1 on GA media These are all security issues fixed in the curl-8.10.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14333 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-8096/ SUSE CVE CVE-2024-8096 page openSUSE Tumbleweed curl-8.10.0-1.1 curl-fish-completion-8.10.0-1.1 curl-zsh-completion-8.10.0-1.1 libcurl-devel-8.10.0-1.1 libcurl-devel-32bit-8.10.0-1.1 libcurl-devel-doc-8.10.0-1.1 libcurl4-8.10.0-1.1 libcurl4-32bit-8.10.0-1.1 curl-8.10.0-1.1 as a component of openSUSE Tumbleweed curl-fish-completion-8.10.0-1.1 as a component of openSUSE Tumbleweed curl-zsh-completion-8.10.0-1.1 as a component of openSUSE Tumbleweed libcurl-devel-8.10.0-1.1 as a component of openSUSE Tumbleweed libcurl-devel-32bit-8.10.0-1.1 as a component of openSUSE Tumbleweed libcurl-devel-doc-8.10.0-1.1 as a component of openSUSE Tumbleweed libcurl4-8.10.0-1.1 as a component of openSUSE Tumbleweed libcurl4-32bit-8.10.0-1.1 as a component of openSUSE Tumbleweed When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. CVE-2024-8096 openSUSE Tumbleweed:curl-8.10.0-1.1 openSUSE Tumbleweed:curl-fish-completion-8.10.0-1.1 openSUSE Tumbleweed:curl-zsh-completion-8.10.0-1.1 openSUSE Tumbleweed:libcurl-devel-32bit-8.10.0-1.1 openSUSE Tumbleweed:libcurl-devel-8.10.0-1.1 openSUSE Tumbleweed:libcurl-devel-doc-8.10.0-1.1 openSUSE Tumbleweed:libcurl4-32bit-8.10.0-1.1 openSUSE Tumbleweed:libcurl4-8.10.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-8096.html CVE-2024-8096 https://bugzilla.suse.com/1230093 SUSE Bug 1230093