SUSE: 2021:199-1 suse/sles12sp5 Security Update
Summary
Advisory ID: SUSE-SU-2021:1763-1 Released: Wed May 26 12:31:57 2021 Summary: Security update for curl Type: security Severity: moderate
References
References : 1186114 CVE-2021-22898
1186114,CVE-2021-22898
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.