{"affected":[{"ecosystem_specific":{"binaries":[{"curl":"8.14.1-slfo.1.1_1.1","libcurl4":"8.14.1-slfo.1.1_1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.1","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Linux%20Micro%206.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.14.1-slfo.1.1_1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for curl fixes the following issues:\n\n- CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933).\n- CVE-2025-5025: No QUIC certificate pinning with wolfSSL (bsc#1243706).\n- CVE-2025-4947: QUIC certificate check skip with wolfSSL (bsc#1243397).\n\nOther bugfixes:\n\n- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).\n","id":"SUSE-SU-2025:20675-1","modified":"2025-09-09T10:21:16Z","published":"2025-09-09T10:21:16Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520675-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243397"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243706"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243933"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246197"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-4947"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5399"}],"related":["CVE-2025-4947","CVE-2025-5025","CVE-2025-5399"],"summary":"Security update for curl","upstream":["CVE-2025-4947","CVE-2025-5025","CVE-2025-5399"]}