{"affected":[{"ecosystem_specific":{"binaries":[{"libcurl-devel":"7.60.0-11.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.60.0-11.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"curl":"7.60.0-11.18.1","libcurl4":"7.60.0-11.18.1","libcurl4-32bit":"7.60.0-11.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP5","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.60.0-11.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"curl":"7.60.0-11.18.1","libcurl4":"7.60.0-11.18.1","libcurl4-32bit":"7.60.0-11.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","name":"curl","purl":"pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.60.0-11.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for curl fixes the following issues:\n\n- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).\n- Allow partial chain verification [jsc#SLE-17956]\n  * Have intermediate certificates in the trust store be treated\n    as trust-anchors, in the same way as self-signed root CA\n    certificates are. This allows users to verify servers using\n    the intermediate cert only, instead of needing the whole chain.\n  * Set FLAG_TRUSTED_FIRST unconditionally.\n  * Do not check partial chains with CRL check.\n","id":"SUSE-SU-2021:1763-1","modified":"2021-05-26T10:32:05Z","published":"2021-05-26T10:32:05Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20211763-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1186114"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-22898"}],"related":["CVE-2021-22898"],"summary":"Security update for curl","upstream":["CVE-2021-22898"]}