{"affected":[{"ecosystem_specific":{"binaries":[{"libcurl-devel":"7.19.7-1.20.47.2"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.19.7-1.20.47.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for curl fixes the following issues:\n\n- CVE-2016-8624: invalid URL parsing with '#' (bsc#1005646)\n- CVE-2016-8623: Use-after-free via shared cookies (bsc#1005645)\n- CVE-2016-8621: curl_getdate read out of bounds (bsc#1005642)\n- CVE-2016-8619: double-free in krb5 code (bsc#1005638)\n- CVE-2016-8618: double-free in curl_maprintf (bsc#1005637)\n- CVE-2016-8617: OOB write via unchecked multiplication (bsc#1005635)\n- CVE-2016-8616: case insensitive password comparison (bsc#1005634)\n- CVE-2016-8615: cookie injection for other servers (bsc#1005633)\n- CVE-2016-7167: escape and unescape integer overflows (bsc#998760)\n- CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS not fixed in CVE-2016-5420 (bsc#997420)\n","id":"SUSE-SU-2016:2700-1","modified":"2016-11-02T11:07:24Z","published":"2016-11-02T11:07:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20162700-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005633"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005634"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005635"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005638"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005642"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1005646"},{"type":"REPORT","url":"https://bugzilla.suse.com/997420"},{"type":"REPORT","url":"https://bugzilla.suse.com/998760"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5420"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7141"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7167"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8616"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8619"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8620"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8621"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8622"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8623"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8624"}],"related":["CVE-2016-5420","CVE-2016-7141","CVE-2016-7167","CVE-2016-8615","CVE-2016-8616","CVE-2016-8617","CVE-2016-8618","CVE-2016-8619","CVE-2016-8620","CVE-2016-8621","CVE-2016-8622","CVE-2016-8623","CVE-2016-8624"],"summary":"Security update for curl","upstream":["CVE-2016-5420","CVE-2016-7141","CVE-2016-7167","CVE-2016-8615","CVE-2016-8616","CVE-2016-8617","CVE-2016-8618","CVE-2016-8619","CVE-2016-8620","CVE-2016-8621","CVE-2016-8622","CVE-2016-8623","CVE-2016-8624"]}