Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2022:2813-1 Important: Curl Infinite Loop And Memory Problem

suse
Calendar Grey August 16, 2022
Dist Suse Esm H88
Crucial SUSE enhancement for wget tackles vulnerabilities and boosts system security against various risks.
An update that fixes four vulnerabilities is now available

Summary

This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory important memory issue SUSE infinite loop curl

References

#1199223 #1199224 #1200735 #1200737

Cross- CVE-2022-27781 CVE-2022-27782 CVE-2022-32206

CVE-2022-32208

CVSS scores:

CVE-2022-27781 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-27781 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2022-27782 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-27782 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-32206 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVE-2022-32208 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP4-LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2813-1
Rating: important

Topics%20covered

Topics Covered

security advisory important memory issue SUSE infinite loop curl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here