openSUSE Security Update : curl (openSUSE-2017-513)
Medium Nessus Plugin ID 99702
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for curl fixes the following issues :
Security issue fixed :
- CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
- CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).
With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected curl packages.