<div class="container">
    <h1>Security update for curl</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-SU-2025:20239-1</td>
        </tr>
        <tr>
            <th>Release Date:</th>
            <td>2025-03-13T10:37:02Z</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>moderate</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230093">bsc#1230093</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1232528">bsc#1232528</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1234068">bsc#1234068</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1236589">bsc#1236589</a>
                        </li>
                    
                    
                </ul>
            </td>
        </tr>
        
            <tr>
                <th>
                    Cross-References:
                </th>
                <td>
                    <ul>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-11053.html">CVE-2024-11053</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-8096.html">CVE-2024-8096</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2024-9681.html">CVE-2024-9681</a>
                        </li>
                    
                        <li style="display: inline;">
                            <a href="https://www.suse.com/security/cve/CVE-2025-0665.html">CVE-2025-0665</a>
                        </li>
                    
                    </ul>
                </td>
            </tr>
            <tr>
                <th>CVSS scores:</th>
                <td>
                    <ul class="list-group">
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-11053</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.3</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-11053</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">3.4</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-8096</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.3</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-8096</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-8096</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-9681</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.9</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-9681</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.3</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-9681</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.9</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2024-9681</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2025-0665</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">5.3</span>
                                <span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2025-0665</span>
                                <span class="cvss-source">
                                    (
                                    
                                        SUSE
                                    
                                    ):
                                </span>
                                <span class="cvss-score">6.5</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L</span>
                            </li>
                        
                            <li class="list-group-item">
                                <span class="cvss-reference">CVE-2025-0665</span>
                                <span class="cvss-source">
                                    (
                                    
                                        NVD
                                    
                                    ):
                                </span>
                                <span class="cvss-score">9.8</span>
                                <span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
                            </li>
                        
                    </ul>
                </td>
            </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">SUSE Linux Micro 6.1</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that solves four vulnerabilities can now be installed.</p>

    


    
        <h2>Description:</h2>
    
    <p>This update for curl fixes the following issues:</p>
<p>Update to 8.12.1:</p>
<ul>
<li>
<p>Bugfixes:</p>
<ul>
<li>asyn-thread: fix build with &#x27;CURL_DISABLE_SOCKETPAIR&#x27;</li>
<li>asyn-thread: fix HTTPS RR crash</li>
<li>asyn-thread: fix the returned bitmask from Curl_resolver_getsock</li>
<li>asyn-thread: survive a c-ares channel set to NULL</li>
<li>cmake: always reference OpenSSL and ZLIB via imported targets</li>
<li>cmake: respect &#x27;GNUTLS_CFLAGS&#x27; when detected via &#x27;pkg-config&#x27;</li>
<li>cmake: respect &#x27;GNUTLS_LIBRARY_DIRS&#x27; in &#x27;libcurl.pc&#x27; and &#x27;curl-config&#x27;</li>
<li>content_encoding: #error on too old zlib</li>
<li>imap: TLS upgrade fix</li>
<li>ldap: drop support for legacy Novell LDAP SDK</li>
<li>libssh2: comparison is always true because rc &lt;= -1</li>
<li>libssh2: raise lowest supported version to 1.2.8</li>
<li>libssh: drop support for libssh older than 0.9.0</li>
<li>openssl-quic: ignore ciphers for h3</li>
<li>pop3: TLS upgrade fix</li>
<li>runtests: fix the disabling of the memory tracking</li>
<li>runtests: quote commands to support paths with spaces</li>
<li>scache: add magic checks</li>
<li>smb: silence &#x27;-Warray-bounds&#x27; with gcc 13+</li>
<li>smtp: TLS upgrade fix</li>
<li>tool_cfgable: sort struct fields by size, use bitfields for booleans</li>
<li>tool_getparam: add "TLS required" flag for each such option</li>
<li>vtls: fix multissl-init</li>
<li>wakeup_write: make sure the eventfd write sends eight bytes</li>
</ul>
</li>
</ul>
<p>Update to 8.12.0:</p>
<ul>
<li>
<p>Security fixes:</p>
<ul>
<li>[bsc#1234068, CVE-2024-11053] curl could leak the password used
  for the first host to the followed-to host under certain circumstances.</li>
<li>[bsc#1232528, CVE-2024-9681] HSTS subdomain overwrites parent cache entry</li>
<li>[bsc#1236589, CVE-2025-0665] eventfd double close</li>
</ul>
</li>
<li>
<p>Changes:</p>
<ul>
<li>curl: add byte range support to --variable reading from file</li>
<li>curl: make --etag-save acknowledge --create-dirs</li>
<li>getinfo: fix CURLINFO_QUEUE_TIME_T and add &#x27;time_queue&#x27; var</li>
<li>getinfo: provide info which auth was used for HTTP and proxy</li>
<li>hyper: drop support</li>
<li>openssl: add support to use keys and certificates from PKCS#11 provider</li>
<li>QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA</li>
<li>vtls: feature ssls-export for SSL session im-/export</li>
</ul>
</li>
<li>
<p>Bugfixes:</p>
<ul>
<li>altsvc: avoid integer overflow in expire calculation</li>
<li>asyn-ares: acknowledge CURLOPT_DNS_SERVERS set to NULL</li>
<li>asyn-ares: fix memory leak</li>
<li>asyn-ares: initial HTTPS resolve support</li>
<li>asyn-thread: use c-ares to resolve HTTPS RR</li>
<li>async-thread: avoid closing eventfd twice</li>
<li>cd2nroff: do not insist on quoted &lt;&gt; within backticks</li>
<li>cd2nroff: support "none" as a TLS backend</li>
<li>conncache: count shutdowns against host and max limits</li>
<li>content_encoding: drop support for zlib before 1.2.0.4</li>
<li>content_encoding: namespace GZIP flag constants</li>
<li>content_encoding: put the decomp buffers into the writer structs</li>
<li>content_encoding: support use of custom libzstd memory functions</li>
<li>cookie: cap expire times to 400 days</li>
<li>cookie: parse only the exact expire date</li>
<li>curl: return error if etag options are used with multiple URLs</li>
<li>curl_multi_fdset: include the shutdown connections in the set</li>
<li>curl_sha512_256: rename symbols to the curl namespace</li>
<li>curl_url_set.md: adjust the added-in to 7.62.0</li>
<li>doh: send HTTPS RR requests for all HTTP(S) transfers</li>
<li>easy: allow connect-only handle reuse with easy_perform</li>
<li>easy: make curl_easy_perform() return error if connection still there</li>
<li>easy_lock: use Sleep(1) for thread yield on old Windows</li>
<li>ECH: update APIs to those agreed with OpenSSL maintainers</li>
<li>GnuTLS: fix &#x27;time_appconnect&#x27; for early data</li>
<li>HTTP/2: strip TE request header</li>
<li>http2: fix data_pending check</li>
<li>http2: fix value stored to &#x27;result&#x27; is never read</li>
<li>http: ignore invalid Retry-After times</li>
<li>http_aws_sigv4: Fix invalid compare function handling zero-length pairs</li>
<li>https-connect: start next immediately on failure</li>
<li>lib: redirect handling by protocol handler</li>
<li>multi: fix curl_multi_waitfds reporting of fd_count</li>
<li>netrc: &#x27;default&#x27; with no credentials is not a match</li>
<li>netrc: fix password-only entries</li>
<li>netrc: restore _netrc fallback logic</li>
<li>ngtcp2: fix memory leak on connect failure</li>
<li>openssl: define <code>HAVE_KEYLOG_CALLBACK</code> before use</li>
<li>openssl: fix ECH logic</li>
<li>osslq: use SSL_poll to determine writeability of QUIC streams</li>
<li>sectransp: free certificate on error</li>
<li>select: avoid a NULL deref in cwfds_add_sock</li>
<li>src: omit hugehelp and ca-embed from libcurltool</li>
<li>ssl session cache: change cache dimensions</li>
<li>system.h: add 64-bit curl_off_t definitions for NonStop</li>
<li>telnet: handle single-byte input option</li>
<li>TLS: check connection for SSL use, not handler</li>
<li>tool_formparse.c: make curlx_uztoso a static in here</li>
<li>tool_formparse: accept digits in --form type= strings</li>
<li>tool_getparam: ECH param parsing refix</li>
<li>tool_getparam: fail --hostpubsha256 if libssh2 is not used</li>
<li>tool_getparam: fix "Ignored Return Value"</li>
<li>tool_getparam: fix memory leak on error in parse_ech</li>
<li>tool_getparam: fix the ECH parser</li>
<li>tool_operate: make --etag-compare always accept a non-existing file</li>
<li>transfer: fix CURLOPT_CURLU override logic</li>
<li>urlapi: fix redirect to a new fragment or query (only)</li>
<li>vquic: make vquic_send_packets not return without setting psent</li>
<li>vtls: fix default SSL backend as a fallback</li>
<li>vtls: only remember the expiry timestamp in session cache</li>
<li>websocket: fix message send corruption</li>
<li>x509asn1: add parse recursion limit</li>
</ul>
</li>
</ul>
<p>Update to 8.11.1:</p>
<ul>
<li>
<p>Security fixes:</p>
<ul>
<li>netrc and redirect credential leak [bsc#1234068, CVE-2024-11053]</li>
</ul>
</li>
<li>
<p>Bugfixes:</p>
<ul>
<li>build: fix ECH to always enable HTTPS RR</li>
<li>cookie: treat cookie name case sensitively</li>
<li>curl-rustls.m4: keep existing &#x27;CPPFLAGS&#x27;/&#x27;LDFLAGS&#x27; when detected</li>
<li>curl: use realtime in trace timestamps</li>
<li>digest: produce a shorter cnonce in Digest headers</li>
<li>docs: document default &#x27;User-Agent&#x27;</li>
<li>docs: suggest --ssl-reqd instead of --ftp-ssl</li>
<li>duphandle: also init netrc</li>
<li>hostip: don&#x27;t use the resolver for FQDN localhost</li>
<li>http_negotiate: allow for a one byte larger channel binding buffer</li>
<li>krb5: fix socket/sockindex confusion, MSVC compiler warnings</li>
<li>libssh: use libssh sftp_aio to upload file</li>
<li>libssh: when using IPv6 numerical address, add brackets</li>
<li>mime: fix reader stall on small read lengths</li>
<li>mk-ca-bundle: remove CKA_NSS_SERVER_DISTRUST_AFTER conditions</li>
<li>mprintf: fix the integer overflow checks</li>
<li>multi: fix callback for &#x27;CURLMOPT_TIMERFUNCTION&#x27; not being called again when...</li>
<li>netrc: address several netrc parser flaws</li>
<li>netrc: support large file, longer lines, longer tokens</li>
<li>nghttp2: use custom memory functions</li>
<li>OpenSSL: improve error message on expired certificate</li>
<li>openssl: remove three "Useless Assignments"</li>
<li>openssl: stop using SSL_CTX_ function prefix for our functions</li>
<li>pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS</li>
<li>rtsp: check EOS in the RTSP receive and return an error code</li>
<li>schannel: remove TLS 1.3 ciphersuite-list support</li>
<li>setopt: fix CURLOPT_HTTP_CONTENT_DECODING</li>
<li>setopt: fix missing options for builds without HTTP &amp; MQTT</li>
<li>socket: handle binding to "host!&lt;ip&gt;"</li>
<li>socketpair: fix enabling &#x27;USE_EVENTFD&#x27;</li>
<li>strtok: use namespaced &#x27;strtok_r&#x27; macro instead of redefining it</li>
</ul>
</li>
</ul>
<p>Update to 8.11.0:</p>
<ul>
<li>
<p>Security fixes: [bsc#1232528, CVE-2024-9681]</p>
<ul>
<li>curl: HSTS subdomain overwrites parent cache entry</li>
</ul>
</li>
<li>
<p>Changes:</p>
<ul>
<li>curl: --create-dirs works for --dump-header as well</li>
<li>gtls: Add P12 format support</li>
<li>ipfs: add options to disable</li>
<li>TLS: TLSv1.3 earlydata support for curl</li>
<li>WebSockets: make support official (non-experimental)</li>
</ul>
</li>
<li>
<p>Bugfixes:</p>
<ul>
<li>build: clarify CA embed is for curl tool, mark default, improve summary</li>
<li>build: show if CA bundle to embed was found</li>
<li>build: tidy up and improve versioned-symbols options</li>
<li>cmake/FindNGTCP2: use library path as hint for finding crypto module</li>
<li>cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled</li>
<li>cmake: rename LDAP dependency config variables to match Find modules</li>
<li>cmake: replace &#x27;check_include_file_concat()&#x27; for LDAP and GSS detection</li>
<li>cmake: use OpenSSL for LDAP detection only if available</li>
<li>curl: add build options for safe/no CA bundle search (Windows)</li>
<li>curl: detect ECH support dynamically, not at build time</li>
<li>curl_addrinfo: support operating systems with only getaddrinfo(3)</li>
<li>ftp: fix 0-length last write on upload from stdin</li>
<li>gnutls: use session cache for QUIC</li>
<li>hsts: improve subdomain handling</li>
<li>hsts: support "implied LWS" properly around max-age</li>
<li>http2: auto reset stream on server eos</li>
<li>json.md: cli-option &#x27;--json&#x27; is an alias of &#x27;--data-binary&#x27;</li>
<li>lib: move curl_path.[ch] into vssh/</li>
<li>lib: remove function pointer typecasts for hmac/sha256/md5</li>
<li>libssh.c: handle EGAINS during proto-connect correctly</li>
<li>libssh2: use the filename buffer when getting the homedir</li>
<li>multi.c: warn/assert on stall only without timer</li>
<li>negotiate: conditional check around GSS &amp; SSL specific code</li>
<li>netrc: cache the netrc file in memory</li>
<li>ngtcp2: do not loop on recv</li>
<li>ngtcp2: set max window size to 10x of initial (128KB)</li>
<li>openssl quic: populate x509 store before handshake</li>
<li>openssl: extend the OpenSSL error messages</li>
<li>openssl: improve retries on shutdown</li>
<li>quic: use send/recvmmsg when available</li>
<li>schannel: fix TLS cert verification by IP SAN</li>
<li>schannel: ignore error on recv beyond close notify</li>
<li>select: use poll() if existing, avoid poll() with no sockets</li>
<li>sendf: add condition to max-filesize check</li>
<li>server/mqttd: fix two memory leaks</li>
<li>setopt: return error for bad input to CURLOPT_RTSP_REQUEST</li>
<li>setopt_cptr: make overflow check only done when needed</li>
<li>tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED</li>
<li>tool: support --show-headers AND --remote-header-name</li>
<li>tool_operate: make --skip-existing work for --parallel</li>
<li>url: connection reuse on h3 connections</li>
<li>url: use same credentials on redirect</li>
<li>urlapi: normalize the IPv6 address</li>
<li>version: say quictls in MSH3 builds</li>
<li>vquic: fix compiler warning with gcc + MUSL</li>
<li>vquic: recv_mmsg, use fewer, but larger buffers</li>
<li>vtls: convert Curl_pin_peer_pubkey to use dynbuf</li>
<li>vtls: convert pubkey_pem_to_der to use dynbuf</li>
</ul>
</li>
</ul>
<p>Update to 8.10.1:</p>
<ul>
<li>
<p>Bugfixes:</p>
<ul>
<li>autotools: fix <code>--with-ca-embed</code> build rule</li>
<li>cmake: ensure <code>CURL_USE_OPENSSL</code>/<code>USE_OPENSSL_QUIC</code> are set in sync</li>
<li>cmake: fix MSH3 to appear on the feature list</li>
<li>connect: store connection info when really done</li>
<li>FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a</li>
<li>http2: when uploading data from stdin, fix eos forwarding</li>
<li>http: make max-filesize check not count ignored bodies</li>
<li>lib: fix AF_INET6 use outside of USE_IPV6</li>
<li>multi: check that the multi handle is valid in curl_multi_assign</li>
<li>QUIC: on connect, keep on trying on draining server</li>
<li>request: correctly reset the eos_sent flag</li>
<li>setopt: remove superfluous use of ternary expressions</li>
<li>singleuse: drop <code>Curl_memrchr()</code> for no-HTTP builds</li>
<li>tool_cb_wrt: use "curl_response" if no file name in URL</li>
<li>transfer: fix sendrecv() without interim poll</li>
<li>vtls: fix <code>Curl_ssl_conn_config_match</code> doc param</li>
</ul>
</li>
</ul>
<p>Update to version 8.10.0:</p>
<ul>
<li>
<p>Security fixes:</p>
<ul>
<li>[bsc#1230093, CVE-2024-8096] curl: OCSP stapling bypass with GnuTLS</li>
</ul>
</li>
<li>
<p>Changes:</p>
<ul>
<li>curl: make --rate accept "number of units"</li>
<li>curl: make --show-headers the same as --include</li>
<li>curl: support --dump-header % to direct to stderr</li>
<li>curl: support embedding a CA bundle and --dump-ca-embed</li>
<li>curl: support repeated use of the verbose option; -vv etc</li>
<li>curl: use libuv for parallel transfers with --test-event</li>
<li>vtls: stop offering alpn http/1.1 for http2-prior-knowledge</li>
</ul>
</li>
<li>
<p>Bugfixes:</p>
<ul>
<li>curl: allow 500MB data URL encode strings</li>
<li>curl: warn on unsupported SSL options</li>
<li>Curl_rand_bytes to control env override</li>
<li>curl_sha512_256: fix symbol collisions with nettle library</li>
<li>dist: fix reproducible build from release tarball</li>
<li>http2: fix GOAWAY message sent to server</li>
<li>http2: improve rate limiting of downloads</li>
<li>INSTALL.md: MultiSSL and QUIC are mutually exclusive</li>
<li>lib: add eos flag to send methods</li>
<li>lib: make SSPI global symbols use Curl_ prefix</li>
<li>lib: prefer <code>CURL_SHA256_DIGEST_LENGTH</code> over the unprefixed name</li>
<li>lib: remove the final strncpy() calls</li>
<li>lib: remove use of RANDOM_FILE</li>
<li>Makefile.mk: fixup enabling libidn2</li>
<li>max-filesize.md: mention zero disables the limit</li>
<li>mime: avoid infinite loop in client reader</li>
<li>ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks</li>
<li>openssl quic: fix memory leak</li>
<li>openssl: certinfo errors now fail correctly</li>
<li>openssl: fix the data race when sharing an SSL session between threads</li>
<li>openssl: improve shutdown handling</li>
<li>POP3: fix multi-line responses</li>
<li>pop3: use the protocol handler -&gt;write_resp</li>
<li>progress: ratelimit/progress tweaks</li>
<li>rand: only provide weak random when needed</li>
<li>sectransp: fix setting tls version</li>
<li>setopt: make CURLOPT_TFTP_BLKSIZE accept bad values</li>
<li>sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL</li>
<li>sigpipe: init the struct so that first apply ignores</li>
<li>smb: convert superfluous assign into assert</li>
<li>smtp: add tracing feature</li>
<li>spnego_gssapi: implement TLS channel bindings for openssl</li>
<li>src: delete <code>curlx_m*printf()</code> aliases</li>
<li>ssh: deduplicate SSH backend includes (and fix libssh cmake unity build)</li>
<li>tool_operhlp: fix "potentially uninitialized local variable &#x27;pc&#x27; used"</li>
<li>tool_paramhlp: bump maximum post data size in memory to 16GB</li>
<li>transfer: skip EOS read when download done</li>
<li>url: fix connection reuse for HTTP/2 upgrades</li>
<li>urlapi: verify URL <em>decoded</em> hostname when set</li>
<li>urldata: introduce <code>data-&gt;mid</code>, a unique identifier inside a multi</li>
<li>vtls: add SSLSUPP_CIPHER_LIST</li>
<li>vtls: fix static function name collisions between TLS backends</li>
<li>vtls: init ssl peer only once</li>
<li>websocket: introduce blocking sends</li>
<li>ws: flags to opcodes should ignore CURLWS_CONT flag</li>
<li>x509asn1: raise size limit for x509 certification information</li>
</ul>
</li>
</ul>



    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE update, use the SUSE-recommended
        installation methods, such as YaST online_update or "zypper patch".<br/>

        Alternatively, you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                SUSE Linux Micro 6.1
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Micro-6.1-44=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
                    <ul>
                        
                            <li>curl-debugsource-8.12.1-slfo.1.1_1.1</li>
                        
                            <li>curl-8.12.1-slfo.1.1_1.1</li>
                        
                            <li>libcurl4-8.12.1-slfo.1.1_1.1</li>
                        
                            <li>libcurl4-debuginfo-8.12.1-slfo.1.1_1.1</li>
                        
                            <li>curl-debuginfo-8.12.1-slfo.1.1_1.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
        <h2>References:</h2>
        <ul>
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-11053.html">https://www.suse.com/security/cve/CVE-2024-11053.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-8096.html">https://www.suse.com/security/cve/CVE-2024-8096.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2024-9681.html">https://www.suse.com/security/cve/CVE-2024-9681.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://www.suse.com/security/cve/CVE-2025-0665.html">https://www.suse.com/security/cve/CVE-2025-0665.html</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1230093">https://bugzilla.suse.com/show_bug.cgi?id=1230093</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1232528">https://bugzilla.suse.com/show_bug.cgi?id=1232528</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1234068">https://bugzilla.suse.com/show_bug.cgi?id=1234068</a>
                    </li>
                
            
                
                    <li>
                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1236589">https://bugzilla.suse.com/show_bug.cgi?id=1236589</a>
                    </li>
                
            
        </ul>
    
</div>