{"affected":[{"ecosystem_specific":{"binaries":[{"curl":"7.60.0-3.14.3","libcurl-devel":"7.60.0-3.14.3","libcurl4":"7.60.0-3.14.3","libcurl4-32bit":"7.60.0-3.14.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.60.0-3.14.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for curl fixes the following issues:\n\n- CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758)\n- CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758)\n- CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)\n\n","id":"SUSE-SU-2018:3624-1","modified":"2018-11-05T16:55:38Z","published":"2018-11-05T16:55:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183624-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112758"},{"type":"REPORT","url":"https://bugzilla.suse.com/1113660"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16839"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16842"}],"related":["CVE-2018-16839","CVE-2018-16840","CVE-2018-16842"],"summary":"Security update for curl","upstream":["CVE-2018-16839","CVE-2018-16840","CVE-2018-16842"]}