curl-8.11.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14575-1 Final 1 1 2024-12-13T00:00:00Z current 2024-12-13T00:00:00Z 2024-12-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z curl-8.11.1-1.1 on GA media These are all security issues fixed in the curl-8.11.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14575 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-11053/ SUSE CVE CVE-2024-11053 page openSUSE Tumbleweed curl-8.11.1-1.1 curl-fish-completion-8.11.1-1.1 curl-zsh-completion-8.11.1-1.1 libcurl-devel-8.11.1-1.1 libcurl-devel-32bit-8.11.1-1.1 libcurl-devel-doc-8.11.1-1.1 libcurl4-8.11.1-1.1 libcurl4-32bit-8.11.1-1.1 curl-8.11.1-1.1 as a component of openSUSE Tumbleweed curl-fish-completion-8.11.1-1.1 as a component of openSUSE Tumbleweed curl-zsh-completion-8.11.1-1.1 as a component of openSUSE Tumbleweed libcurl-devel-8.11.1-1.1 as a component of openSUSE Tumbleweed libcurl-devel-32bit-8.11.1-1.1 as a component of openSUSE Tumbleweed libcurl-devel-doc-8.11.1-1.1 as a component of openSUSE Tumbleweed libcurl4-8.11.1-1.1 as a component of openSUSE Tumbleweed libcurl4-32bit-8.11.1-1.1 as a component of openSUSE Tumbleweed When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. CVE-2024-11053 openSUSE Tumbleweed:curl-8.11.1-1.1 openSUSE Tumbleweed:curl-fish-completion-8.11.1-1.1 openSUSE Tumbleweed:curl-zsh-completion-8.11.1-1.1 openSUSE Tumbleweed:libcurl-devel-32bit-8.11.1-1.1 openSUSE Tumbleweed:libcurl-devel-8.11.1-1.1 openSUSE Tumbleweed:libcurl-devel-doc-8.11.1-1.1 openSUSE Tumbleweed:libcurl4-32bit-8.11.1-1.1 openSUSE Tumbleweed:libcurl4-8.11.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-11053.html CVE-2024-11053 https://bugzilla.suse.com/1234068 SUSE Bug 1234068