
SUSE Linux Micro 6.0: 2025:20029-1 moderate: curl security issues

suse
June 4, 2025
Update for curl resolves six security concerns including TLS issues and authentication bypasses. Install for protection.

Summary

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)

* CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)

* CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)

* CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)

* CVE-2024-2004: Usage of disabled protocol (bsc#1221665)

* CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

* Fixed various TLS related issues including FTP over SSL transmission timeouts.

Patch Instructions

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0

References

* bsc#1221665

* bsc#1221666

* bsc#1221667

* bsc#1221668

* bsc#1227888

* bsc#1228535

Cross-References

* CVE-2024-2004

* CVE-2024-2379

* CVE-2024-2398

* CVE-2024-2466

* CVE-2024-6197

* CVE-2024-7264

CVSS scores:

* CVE-2024-2004 ( SUSE ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

* CVE-2024-2004 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

* CVE-2024-2379 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-2379 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2024-2398 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-2466 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-6197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Announcement ID: SUSE-SU-2025:20029-1
Release Date: 2025-02-03T08:51:45Z
Rating: moderate
