SUSE-CU-2020:443-1: Security update of suse/sle15

sle-security-updates at sle-security-updates at
Thu Sep 10 00:53:28 MDT 2020

SUSE Container Update Advisory: suse/sle15
Container Advisory ID : SUSE-CU-2020:443-1
Container Tags        : suse/sle15:15.2 , suse/sle15:
Container Release     : 8.2.743
Severity              : moderate
Type                  : security
References            : 1174154 1175109 CVE-2020-15719 CVE-2020-8231 

The container suse/sle15 was updated. The following patches have been included in this update:

Advisory ID: SUSE-SU-2020:2445-1
Released:    Wed Sep  2 09:33:02 2020
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1175109,CVE-2020-8231
This update for curl fixes the following issues:

- An application that performs multiple requests with libcurl's
  multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
  rare circumstances experience that when subsequently using the
  setup connect-only transfer, libcurl will pick and use the wrong
  connection and instead pick another one the application has
  created since then. [bsc#1175109, CVE-2020-8231]

Advisory ID: SUSE-SU-2020:2581-1
Released:    Wed Sep  9 13:07:07 2020
Summary:     Security update for openldap2
Type:        security
Severity:    moderate
References:  1174154,CVE-2020-15719
This update for openldap2 fixes the following issues:

- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509
  SAN's falling back to CN validation in violation of rfc6125.

More information about the sle-security-updates mailing list