Security update for curl
This update for curl fixes the following issues:
Following security issues were fixed:
- CVE-2018-1000120: A buffer overflow exists in the FTP URL handling that allowed an attacker to cause a denial of service or possible code execution (bsc#1084521).
- CVE-2018-1000121: A NULL pointer dereference exists in the LDAP code that allowed an attacker to cause a denial of service (bsc#1084524).
- CVE-2018-1000122: A buffer over-read exists in the RTSP+RTP handling code that allowed an attacker to cause a denial of service or information leakage (bsc#1084532).
This update was imported from the SUSE:SLE-12:Update update project.
- Submitted by Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1084521
VUL-1: CVE-2018-1000120: curl: FTP path trickery leads to NIL byte out of bounds write
bnc#1084532
VUL-0: CVE-2018-1000122: curl: RTSP RTP buffer over-read
bnc#1084524
VUL-1: CVE-2018-1000121: curl: LDAP NULL pointer dereference