SUSE-CU-2021:200-1: Security update of suse/sle15
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Thu May 27 06:28:53 UTC 2021
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:200-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.8.2.922
Container Release : 8.2.922
Severity : moderate
Type : security
References : 1186114 CVE-2021-22898
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released: Wed May 26 12:30:01 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1186114,CVE-2021-22898
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
More information about the sle-updates
mailing list