Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:1809-1 Final 1 1 2021-05-31T14:25:34Z current 2021-05-31T14:25:34Z 2021-05-31T14:25:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976). - Allow partial chain verification (jsc#SLE-17956). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/389-ds:1.4.2-2021-1809,Container caasp/v4/busybox:1.34.1-2021-1809,Container caasp/v4/caasp-dex:2.16.0-2021-1809,Container caasp/v4/cert-exporter:2.3.0-2021-1809,Container caasp/v4/cilium-etcd-operator:2.0.5-2021-1809,Container caasp/v4/cilium-init:1.5.3-2021-1809,Container caasp/v4/cilium-operator:1.6.6-2021-1809,Container caasp/v4/cilium:1.6.6-2021-1809,Container caasp/v4/cloud-provider-openstack:1.15.0-2021-1809,Container caasp/v4/configmap-reload:0.3.0-2021-1809,Container caasp/v4/coredns:1.6.7-2021-1809,Container caasp/v4/curl:7.60.0-2021-1809,Container caasp/v4/etcd:3.4.13-2021-1809,Container caasp/v4/gangway:3.1.0-2021-1809,Container caasp/v4/grafana:7.5.12-2021-1809,Container caasp/v4/helm-tiller:2.16.12-2021-1809,Container caasp/v4/hyperkube:v1.17.17-2021-1809,Container caasp/v4/k8s-sidecar:0.1.75-2021-1809,Container caasp/v4/kube-state-metrics:1.9.3-2021-1809,Container caasp/v4/kubernetes-client:1.17.17-2021-1809,Container caasp/v4/kucero:1.3.0-2021-1809,Container caasp/v4/kured:1.3.0-2021-1809,Container caasp/v4/metrics-server:0.3.6-2021-1809,Container caasp/v4/prometheus-alertmanager:0.16.2-2021-1809,Container caasp/v4/prometheus-node-exporter:1.1.2-2021-1809,Container caasp/v4/prometheus-pushgateway:0.6.0-2021-1809,Container caasp/v4/prometheus-server:2.7.1-2021-1809,Container caasp/v4/rsyslog:8.39.0-2021-1809,Container caasp/v4/skuba-tooling:0.1.0-2021-1809,Container caasp/v4/test-update:beta-2021-1809,Container caasp/v4/velero-plugin-for-aws:1.0.1-2021-1809,Container caasp/v4/velero-plugin-for-gcp:1.0.1-2021-1809,Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1-2021-1809,Container caasp/v4/velero-restic-restore-helper:1.3.1-2021-1809,Container caasp/v4/velero:1.3.1-2021-1809,Container ses/6/cephcsi/cephcsi:latest-2021-1809,Container ses/6/rook/ceph:latest-2021-1809,Container suse/sle15:15.0-2021-1809,Container suse/sle15:15.1-2021-1809,SUSE-2021-1809,SUSE-SLE-Product-HPC-15-2021-1809,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1809,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1809,SUSE-SLE-Product-SLES-15-2021-1809,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1809,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1809,SUSE-SLE-Product-SLES_SAP-15-2021-1809,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1809,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1809,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1809,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1809,SUSE-Storage-6-2021-1809 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20211809-1/ Link for SUSE-SU-2021:1809-1 https://lists.suse.com/pipermail/sle-security-updates/2021-May/008887.html E-Mail link for SUSE-SU-2021:1809-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1177976 SUSE Bug 1177976 https://bugzilla.suse.com/1183933 SUSE Bug 1183933 https://bugzilla.suse.com/1186114 SUSE Bug 1186114 https://www.suse.com/security/cve/CVE-2021-22876/ SUSE CVE CVE-2021-22876 page https://www.suse.com/security/cve/CVE-2021-22898/ SUSE CVE CVE-2021-22898 page Container caasp/v4/389-ds:1.4.2 Container caasp/v4/busybox:1.34.1 Container caasp/v4/caasp-dex:2.16.0 Container caasp/v4/cert-exporter:2.3.0 Container caasp/v4/cilium-etcd-operator:2.0.5 Container caasp/v4/cilium-init:1.5.3 Container caasp/v4/cilium-operator:1.6.6 Container caasp/v4/cilium:1.6.6 Container caasp/v4/cloud-provider-openstack:1.15.0 Container caasp/v4/configmap-reload:0.3.0 Container caasp/v4/coredns:1.6.7 Container caasp/v4/curl:7.60.0 Container caasp/v4/etcd:3.4.13 Container caasp/v4/gangway:3.1.0 Container caasp/v4/grafana:7.5.12 Container caasp/v4/helm-tiller:2.16.12 Container caasp/v4/hyperkube:v1.17.17 Container caasp/v4/k8s-sidecar:0.1.75 Container caasp/v4/kube-state-metrics:1.9.3 Container caasp/v4/kubernetes-client:1.17.17 Container caasp/v4/kucero:1.3.0 Container caasp/v4/kured:1.3.0 Container caasp/v4/metrics-server:0.3.6 Container caasp/v4/prometheus-alertmanager:0.16.2 Container caasp/v4/prometheus-node-exporter:1.1.2 Container caasp/v4/prometheus-pushgateway:0.6.0 Container caasp/v4/prometheus-server:2.7.1 Container caasp/v4/rsyslog:8.39.0 Container caasp/v4/skuba-tooling:0.1.0 Container caasp/v4/test-update:beta Container caasp/v4/velero-plugin-for-aws:1.0.1 Container caasp/v4/velero-plugin-for-gcp:1.0.1 Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1 Container caasp/v4/velero-restic-restore-helper:1.3.1 Container caasp/v4/velero:1.3.1 Container ses/6/cephcsi/cephcsi:latest Container ses/6/rook/ceph:latest Container suse/sle15:15.0 Container suse/sle15:15.1 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 libcurl4-7.60.0-3.42.1 curl-7.60.0-3.42.1 curl-mini-7.60.0-3.42.1 libcurl-devel-7.60.0-3.42.1 libcurl-devel-32bit-7.60.0-3.42.1 libcurl-devel-64bit-7.60.0-3.42.1 libcurl-mini-devel-7.60.0-3.42.1 libcurl4-32bit-7.60.0-3.42.1 libcurl4-64bit-7.60.0-3.42.1 libcurl4-mini-7.60.0-3.42.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/389-ds:1.4.2 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/busybox:1.34.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/caasp-dex:2.16.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cert-exporter:2.3.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cilium-etcd-operator:2.0.5 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cilium-init:1.5.3 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cilium-operator:1.6.6 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cilium:1.6.6 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/cloud-provider-openstack:1.15.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/configmap-reload:0.3.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/coredns:1.6.7 curl-7.60.0-3.42.1 as a component of Container caasp/v4/curl:7.60.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/curl:7.60.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/etcd:3.4.13 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/gangway:3.1.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/grafana:7.5.12 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/helm-tiller:2.16.12 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/hyperkube:v1.17.17 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/k8s-sidecar:0.1.75 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/kube-state-metrics:1.9.3 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/kubernetes-client:1.17.17 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/kucero:1.3.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/kured:1.3.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/metrics-server:0.3.6 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/prometheus-alertmanager:0.16.2 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/prometheus-node-exporter:1.1.2 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/prometheus-pushgateway:0.6.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/prometheus-server:2.7.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/rsyslog:8.39.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/skuba-tooling:0.1.0 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/test-update:beta libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/velero-plugin-for-aws:1.0.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/velero-plugin-for-gcp:1.0.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/velero-restic-restore-helper:1.3.1 libcurl4-7.60.0-3.42.1 as a component of Container caasp/v4/velero:1.3.1 libcurl4-7.60.0-3.42.1 as a component of Container ses/6/cephcsi/cephcsi:latest libcurl4-7.60.0-3.42.1 as a component of Container ses/6/rook/ceph:latest libcurl4-7.60.0-3.42.1 as a component of Container suse/sle15:15.0 libcurl4-7.60.0-3.42.1 as a component of Container suse/sle15:15.1 curl-7.60.0-3.42.1 as a component of SUSE Enterprise Storage 6 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Enterprise Storage 6 libcurl4-7.60.0-3.42.1 as a component of SUSE Enterprise Storage 6 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Enterprise Storage 6 curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15-LTSS libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15-LTSS libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15-LTSS libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server 15-LTSS curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 curl-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcurl4-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 curl-7.60.0-3.42.1 as a component of SUSE Manager Proxy 4.0 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Manager Proxy 4.0 libcurl4-7.60.0-3.42.1 as a component of SUSE Manager Proxy 4.0 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Manager Proxy 4.0 curl-7.60.0-3.42.1 as a component of SUSE Manager Retail Branch Server 4.0 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Manager Retail Branch Server 4.0 libcurl4-7.60.0-3.42.1 as a component of SUSE Manager Retail Branch Server 4.0 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Manager Retail Branch Server 4.0 curl-7.60.0-3.42.1 as a component of SUSE Manager Server 4.0 libcurl-devel-7.60.0-3.42.1 as a component of SUSE Manager Server 4.0 libcurl4-7.60.0-3.42.1 as a component of SUSE Manager Server 4.0 libcurl4-32bit-7.60.0-3.42.1 as a component of SUSE Manager Server 4.0 curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. CVE-2021-22876 Container caasp/v4/389-ds:1.4.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/busybox:1.34.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/caasp-dex:2.16.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/cert-exporter:2.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-etcd-operator:2.0.5:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-init:1.5.3:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-operator:1.6.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium:1.6.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/cloud-provider-openstack:1.15.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/configmap-reload:0.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/coredns:1.6.7:libcurl4-7.60.0-3.42.1 Container caasp/v4/curl:7.60.0:curl-7.60.0-3.42.1 Container caasp/v4/curl:7.60.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/etcd:3.4.13:libcurl4-7.60.0-3.42.1 Container caasp/v4/gangway:3.1.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/grafana:7.5.12:libcurl4-7.60.0-3.42.1 Container caasp/v4/helm-tiller:2.16.12:libcurl4-7.60.0-3.42.1 Container caasp/v4/hyperkube:v1.17.17:libcurl4-7.60.0-3.42.1 Container caasp/v4/k8s-sidecar:0.1.75:libcurl4-7.60.0-3.42.1 Container caasp/v4/kube-state-metrics:1.9.3:libcurl4-7.60.0-3.42.1 Container caasp/v4/kubernetes-client:1.17.17:libcurl4-7.60.0-3.42.1 Container caasp/v4/kucero:1.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/kured:1.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/metrics-server:0.3.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-alertmanager:0.16.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-node-exporter:1.1.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-pushgateway:0.6.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-server:2.7.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/rsyslog:8.39.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/skuba-tooling:0.1.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/test-update:beta:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-aws:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-gcp:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-restic-restore-helper:1.3.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero:1.3.1:libcurl4-7.60.0-3.42.1 Container ses/6/cephcsi/cephcsi:latest:libcurl4-7.60.0-3.42.1 Container ses/6/rook/ceph:latest:libcurl4-7.60.0-3.42.1 Container suse/sle15:15.0:libcurl4-7.60.0-3.42.1 Container suse/sle15:15.1:libcurl4-7.60.0-3.42.1 SUSE Enterprise Storage 6:curl-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.42.1 SUSE Manager Proxy 4.0:curl-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.42.1 SUSE Manager Server 4.0:curl-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl4-7.60.0-3.42.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211809-1/ https://www.suse.com/security/cve/CVE-2021-22876.html CVE-2021-22876 https://bugzilla.suse.com/1183933 SUSE Bug 1183933 curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. CVE-2021-22898 Container caasp/v4/389-ds:1.4.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/busybox:1.34.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/caasp-dex:2.16.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/cert-exporter:2.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-etcd-operator:2.0.5:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-init:1.5.3:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium-operator:1.6.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/cilium:1.6.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/cloud-provider-openstack:1.15.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/configmap-reload:0.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/coredns:1.6.7:libcurl4-7.60.0-3.42.1 Container caasp/v4/curl:7.60.0:curl-7.60.0-3.42.1 Container caasp/v4/curl:7.60.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/etcd:3.4.13:libcurl4-7.60.0-3.42.1 Container caasp/v4/gangway:3.1.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/grafana:7.5.12:libcurl4-7.60.0-3.42.1 Container caasp/v4/helm-tiller:2.16.12:libcurl4-7.60.0-3.42.1 Container caasp/v4/hyperkube:v1.17.17:libcurl4-7.60.0-3.42.1 Container caasp/v4/k8s-sidecar:0.1.75:libcurl4-7.60.0-3.42.1 Container caasp/v4/kube-state-metrics:1.9.3:libcurl4-7.60.0-3.42.1 Container caasp/v4/kubernetes-client:1.17.17:libcurl4-7.60.0-3.42.1 Container caasp/v4/kucero:1.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/kured:1.3.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/metrics-server:0.3.6:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-alertmanager:0.16.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-node-exporter:1.1.2:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-pushgateway:0.6.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/prometheus-server:2.7.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/rsyslog:8.39.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/skuba-tooling:0.1.0:libcurl4-7.60.0-3.42.1 Container caasp/v4/test-update:beta:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-aws:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-gcp:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero-restic-restore-helper:1.3.1:libcurl4-7.60.0-3.42.1 Container caasp/v4/velero:1.3.1:libcurl4-7.60.0-3.42.1 Container ses/6/cephcsi/cephcsi:latest:libcurl4-7.60.0-3.42.1 Container ses/6/rook/ceph:latest:libcurl4-7.60.0-3.42.1 Container suse/sle15:15.0:libcurl4-7.60.0-3.42.1 Container suse/sle15:15.1:libcurl4-7.60.0-3.42.1 SUSE Enterprise Storage 6:curl-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl-devel-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl4-32bit-7.60.0-3.42.1 SUSE Enterprise Storage 6:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-BCL:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15 SP1-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server 15-LTSS:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:libcurl4-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:curl-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl-devel-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-32bit-7.60.0-3.42.1 SUSE Linux Enterprise Server for SAP Applications 15:libcurl4-7.60.0-3.42.1 SUSE Manager Proxy 4.0:curl-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Proxy 4.0:libcurl4-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:curl-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Retail Branch Server 4.0:libcurl4-7.60.0-3.42.1 SUSE Manager Server 4.0:curl-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl-devel-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl4-32bit-7.60.0-3.42.1 SUSE Manager Server 4.0:libcurl4-7.60.0-3.42.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20211809-1/ https://www.suse.com/security/cve/CVE-2021-22898.html CVE-2021-22898 https://bugzilla.suse.com/1186114 SUSE Bug 1186114 https://bugzilla.suse.com/1192450 SUSE Bug 1192450