References : 1198608 1203248 1203249 1208329 1210593 1211230 1211231 1211232
1211233 428822 CVE-2022-27774 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321
CVE-2023-28322
1198608,1211230,1211231,1211232,1211233,CVE-2022-27774,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
1203248,1203249,1208329,428822
This update for libzypp, zypper fixes the following issues:
- Removing a PTF without enabled repos should always fail (bsc#1203248)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Add expert (allow-*) options to all installer commands (bsc#428822)
- Provide 'removeptf' command (bsc#1203249)
A remove command which prefers replacing dependent packages over removing them as well.
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent
packages. But you don't want the dependent packages to be removed together with the PTF, which is what the remove
command would do. The removeptf command, however, will aim to replace the dependent packages with their official
update versions.
1210593
This update for zlib fixes the following issues:
- Fix crash when calling deflateBound() function (bsc#1210593)
The following package changes have been done:
- libcurl4-8.0.1-11.65.2 updated
- libz1-1.2.11-11.34.1 updated
- libzypp-16.22.7-48.2 updated
- zypper-1.13.64-21.55.2 updated