Bug 1063824 - (CVE-2017-1000257) VUL-0: CVE-2017-1000257: curl: IMAP FETCH response out of bounds read
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2017-1000257:4.0:(AV:...
Reported: 2017-10-17 14:31 UTC by Johannes Segitz
Modified: 2017-10-27 22:40 UTC (History)
Comment 1 Johannes Segitz 2017-10-17 14:32:27 UTC
CRD: 2017-10-23
Comment 2 Johannes Segitz 2017-10-17 14:34:31 UTC
SLE 12 and up affected.
Comment 4 Johannes Segitz 2017-10-18 07:19:35 UTC
This is CVE-2017-1000257
Comment 5 Pedro Monreal Gonzalez 2017-10-18 09:53:04 UTC
Packages submitted:

SUSE:SLE-12:Update              7.37.0  sr#144228
SUSE:SLE-11-SP3:Update          7.19.7  Not affected
SUSE:SLE-11-SP1:Update          7.19.7  Not affected
SUSE:SLE-10-SP3:Update          7.15.1  Not affected

We will update to version 7.56.1 in Factory as soon as available.
Comment 7 Pedro Monreal Gonzalez 2017-10-23 09:46:40 UTC
Updated to version 7.56.1 in Factory, see sr#535940.
Comment 8 Swamp Workflow Management 2017-10-23 10:11:38 UTC
SUSE-SU-2017:2831-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1060653,1061876,1063824
CVE References: CVE-2017-1000254,CVE-2017-1000257
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Server 12-SP3 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Server 12-SP2 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    curl-7.37.0-37.8.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    curl-7.37.0-37.8.1
SUSE Container as a Service Platform ALL (src):    curl-7.37.0-37.8.1
OpenStack Cloud Magnum Orchestration 7 (src):    curl-7.37.0-37.8.1
Comment 10 Johannes Segitz 2017-10-23 10:32:46 UTC
public
Comment 11 Marcus Meissner 2017-10-24 07:04:41 UTC
released
Comment 12 Swamp Workflow Management 2017-10-27 01:12:36 UTC
SUSE-SU-2017:2861-1: An update that solves three vulnerabilities and has 22 fixes is now available.

Category: security (moderate)
Bug References: 1005063,1008325,1009269,1012523,1025176,1028485,1032680,1036659,1042781,1045628,1045735,1050767,1050943,1054028,1054088,1054671,1055920,1056995,1060653,1061876,1063824,903543,978055,998893,999878
CVE References: CVE-2017-1000254,CVE-2017-1000257,CVE-2017-11462
Sources used:
SUSE Container as a Service Platform ALL (src):    sles12-mariadb-docker-image-1.1.0-2.5.19, sles12-pause-docker-image-1.1.0-2.5.21, sles12-pv-recycler-node-docker-image-1.1.0-2.5.19, sles12-salt-api-docker-image-1.1.0-2.5.19, sles12-salt-master-docker-image-1.1.0-4.5.18, sles12-salt-minion-docker-image-1.1.0-2.5.18, sles12-velum-docker-image-1.1.0-4.5.18
Comment 13 Swamp Workflow Management 2017-10-27 22:12:38 UTC
openSUSE-SU-2017:2880-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1060653,1061876,1063824
CVE References: CVE-2017-1000254,CVE-2017-1000257
Sources used:
openSUSE Leap 42.3 (src):    curl-7.37.0-23.1
openSUSE Leap 42.2 (src):    curl-7.37.0-16.9.1