## This update for curl fixes the following issues:

Security issues fixed:

* CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
* CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
* CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
* CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
* CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
* CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

* Fixed various TLS related issues including FTP over SSL transmission timeouts.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0

* bsc#1221665
* bsc#1221666
* bsc#1221667
* bsc#1221668
* bsc#1227888
* bsc#1228535
Cross-
* CVE-2024-2004
* CVE-2024-2379
* CVE-2024-2398
* CVE-2024-2466
* CVE-2024-6197
* CVE-2024-7264
CVSS scores:
* CVE-2024-2004 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-2004 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-2379 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-2379 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-2398 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-2466 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-6197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H