Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4300-1 Final 1 1 2025-11-28T12:57:53Z current 2025-11-28T12:57:53Z 2025-11-28T12:57:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/gcc:latest-2025-4300,Container bci/golang:1.24-2025-4300,Container bci/golang:1.24-openssl-2025-4300,Container bci/golang:latest-2025-4300,Container bci/nodejs:latest-2025-4300,Container bci/openjdk:17-2025-4300,Container bci/openjdk:latest-2025-4300,Container bci/python:3-2025-4300,Container bci/python:latest-2025-4300,Container bci/ruby:2-2025-4300,Container bci/ruby:latest-2025-4300,Container suse/git:latest-2025-4300,Container suse/kiosk/firefox-esr:latest-2025-4300,SUSE-2025-4300,SUSE-SLE-Module-Basesystem-15-SP7-2025-4300 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254300-1/ Link for SUSE-SU-2025:4300-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023440.html E-Mail link for SUSE-SU-2025:4300-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253757 SUSE Bug 1253757 https://www.suse.com/security/cve/CVE-2025-11563/ SUSE CVE CVE-2025-11563 page Container bci/gcc:latest Container bci/golang:1.24 Container bci/golang:1.24-openssl Container bci/golang:latest Container bci/nodejs:latest Container bci/openjdk:17 Container bci/openjdk:latest Container bci/python:3 Container bci/python:latest Container bci/ruby:2 Container bci/ruby:latest Container suse/git:latest Container suse/kiosk/firefox-esr:latest SUSE Linux Enterprise Module for Basesystem 15 SP7 curl-8.14.1-150700.7.5.1 libcurl4-8.14.1-150700.7.5.1 curl-fish-completion-8.14.1-150700.7.5.1 curl-zsh-completion-8.14.1-150700.7.5.1 libcurl-devel-8.14.1-150700.7.5.1 libcurl-devel-32bit-8.14.1-150700.7.5.1 libcurl-devel-64bit-8.14.1-150700.7.5.1 libcurl-devel-doc-8.14.1-150700.7.5.1 libcurl-mini4-8.14.1-150700.7.5.1 libcurl4-32bit-8.14.1-150700.7.5.1 libcurl4-64bit-8.14.1-150700.7.5.1 curl-8.14.1-150700.7.5.1 as a component of Container bci/gcc:latest curl-8.14.1-150700.7.5.1 as a component of Container bci/golang:1.24 curl-8.14.1-150700.7.5.1 as a component of Container bci/golang:1.24-openssl curl-8.14.1-150700.7.5.1 as a component of Container bci/golang:latest curl-8.14.1-150700.7.5.1 as a component of Container bci/nodejs:latest curl-8.14.1-150700.7.5.1 as a component of Container bci/openjdk:17 curl-8.14.1-150700.7.5.1 as a component of Container bci/openjdk:latest curl-8.14.1-150700.7.5.1 as a component of Container bci/python:3 curl-8.14.1-150700.7.5.1 as a component of Container bci/python:latest curl-8.14.1-150700.7.5.1 as a component of Container bci/ruby:2 curl-8.14.1-150700.7.5.1 as a component of Container bci/ruby:latest libcurl4-8.14.1-150700.7.5.1 as a component of Container suse/git:latest libcurl4-8.14.1-150700.7.5.1 as a component of Container suse/kiosk/firefox-esr:latest curl-8.14.1-150700.7.5.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libcurl-devel-8.14.1-150700.7.5.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libcurl4-8.14.1-150700.7.5.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libcurl4-32bit-8.14.1-150700.7.5.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 unknown CVE-2025-11563 Container bci/gcc:latest:curl-8.14.1-150700.7.5.1 Container bci/golang:1.24-openssl:curl-8.14.1-150700.7.5.1 Container bci/golang:1.24:curl-8.14.1-150700.7.5.1 Container bci/golang:latest:curl-8.14.1-150700.7.5.1 Container bci/nodejs:latest:curl-8.14.1-150700.7.5.1 Container bci/openjdk:17:curl-8.14.1-150700.7.5.1 Container bci/openjdk:latest:curl-8.14.1-150700.7.5.1 Container bci/python:3:curl-8.14.1-150700.7.5.1 Container bci/python:latest:curl-8.14.1-150700.7.5.1 Container bci/ruby:2:curl-8.14.1-150700.7.5.1 Container bci/ruby:latest:curl-8.14.1-150700.7.5.1 Container suse/git:latest:libcurl4-8.14.1-150700.7.5.1 Container suse/kiosk/firefox-esr:latest:libcurl4-8.14.1-150700.7.5.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:curl-8.14.1-150700.7.5.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libcurl-devel-8.14.1-150700.7.5.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libcurl4-32bit-8.14.1-150700.7.5.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libcurl4-8.14.1-150700.7.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254300-1/ https://www.suse.com/security/cve/CVE-2025-11563.html CVE-2025-11563 https://bugzilla.suse.com/1253757 SUSE Bug 1253757