Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:4284-2 Final 1 1 2024-12-19T10:22:01Z current 2024-12-19T10:22:01Z 2024-12-19T10:22:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle12.5/sles12sp5:latest-2024-4284,Image SLES12-SP5-Azure-BYOS-2024-4284,Image SLES12-SP5-Azure-HPC-BYOS-2024-4284,Image SLES12-SP5-Azure-HPC-On-Demand-2024-4284,Image SLES12-SP5-Azure-SAP-BYOS-2024-4284,Image SLES12-SP5-Azure-SAP-On-Demand-2024-4284,Image SLES12-SP5-Azure-Standard-On-Demand-2024-4284,Image SLES12-SP5-EC2-BYOS-2024-4284,Image SLES12-SP5-EC2-ECS-On-Demand-2024-4284,Image SLES12-SP5-EC2-On-Demand-2024-4284,Image SLES12-SP5-EC2-SAP-BYOS-2024-4284,Image SLES12-SP5-EC2-SAP-On-Demand-2024-4284,Image SLES12-SP5-GCE-BYOS-2024-4284,Image SLES12-SP5-GCE-On-Demand-2024-4284,Image SLES12-SP5-GCE-SAP-BYOS-2024-4284,Image SLES12-SP5-GCE-SAP-On-Demand-2024-4284,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-4284,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-4284,SUSE-2024-4284,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4284 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20244284-2/ Link for SUSE-SU-2024:4284-2 https://lists.suse.com/pipermail/sle-security-updates/2024-December/020031.html E-Mail link for SUSE-SU-2024:4284-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1234068 SUSE Bug 1234068 https://www.suse.com/security/cve/CVE-2024-11053/ SUSE CVE CVE-2024-11053 page Container suse/ltss/sle12.5/sles12sp5:latest Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcurl4-8.0.1-11.101.1 curl-8.0.1-11.101.1 libcurl-devel-8.0.1-11.101.1 libcurl-devel-32bit-8.0.1-11.101.1 libcurl-devel-64bit-8.0.1-11.101.1 libcurl4-32bit-8.0.1-11.101.1 libcurl4-64bit-8.0.1-11.101.1 libcurl4-8.0.1-11.101.1 as a component of Container suse/ltss/sle12.5/sles12sp5:latest curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production curl-8.0.1-11.101.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libcurl4-8.0.1-11.101.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production curl-8.0.1-11.101.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcurl-devel-8.0.1-11.101.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcurl4-8.0.1-11.101.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libcurl4-32bit-8.0.1-11.101.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. CVE-2024-11053 Container suse/ltss/sle12.5/sles12sp5:latest:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-HPC-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-HPC-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-HPC-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-HPC-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-SAP-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-SAP-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-SAP-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-SAP-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-Azure-Standard-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-Azure-Standard-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-EC2-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-EC2-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-EC2-ECS-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-EC2-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-EC2-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-EC2-SAP-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-EC2-SAP-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-EC2-SAP-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-EC2-SAP-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-GCE-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-GCE-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-GCE-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-GCE-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-GCE-SAP-BYOS:curl-8.0.1-11.101.1 Image SLES12-SP5-GCE-SAP-BYOS:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-GCE-SAP-On-Demand:curl-8.0.1-11.101.1 Image SLES12-SP5-GCE-SAP-On-Demand:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:curl-8.0.1-11.101.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libcurl4-8.0.1-11.101.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:curl-8.0.1-11.101.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libcurl4-8.0.1-11.101.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:curl-8.0.1-11.101.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcurl-devel-8.0.1-11.101.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcurl4-32bit-8.0.1-11.101.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libcurl4-8.0.1-11.101.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244284-2/ https://www.suse.com/security/cve/CVE-2024-11053.html CVE-2024-11053 https://bugzilla.suse.com/1234068 SUSE Bug 1234068