Security update for curl (important)

ID OPENSUSE-SU-2019:0174-1
Type suse
Reporter Suse
Modified 2019-02-14T15:11:11


This update for curl fixes the following issues:

Security issues fixed:

  • CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378).
  • CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377).
  • CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371).

This update was imported from the SUSE:SLE-15:Update update project.