Ubuntu Security Notice USN-3262-1

Ubuntu Security Notice USN-3262-1: Posted Apr 21, 2017; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3262-1 - It was discovered that curl incorrectly handled client certificates when resuming a TLS session. A remote attacker could use this to hijack a previously authenticated connection.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2017-7468; SHA-256 | 4d0f9cc1207ab7e0a120544717caa6484e9e7480b27c6d6a66b424de792e25bc; Download | Favorite | View

Ubuntu Security Notice USN-3262-1


==========================================================================
Ubuntu Security Notice USN-3262-1
April 20, 2017

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Applications using curl could allow unintended access over the network.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly handled client certificates when
resuming a TLS session. A remote attacker could use this to hijack a
previously authenticated connection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  curl                            7.52.1-4ubuntu1.1
  libcurl3                        7.52.1-4ubuntu1.1
  libcurl3-gnutls                 7.52.1-4ubuntu1.1
  libcurl3-nss                    7.52.1-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-3262-1
  CVE-2017-7468

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.52.1-4ubuntu1.1


--Izn7cH1Com+I3R9J

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJY+VPZAAoJEC8Jno0AXoH0Y8oP/1Udei2YXPYMXcgEnzAmNuhg
aW2VVS0nwefdqzuBSDAKr5LnDry5gB+sTeEWiIoOD7LiYEHkuNBNrvjpbSEhrLu3
XvPN1vhJOdlIyFu9CQcjRwyAdDsqVYdmYi67BAISA/XgINPtYE6myUIKlu7Sj2KR
JJNzUZ0ysDw6gllIANW3lbqHGHPtFNjdnAtJO4xek3o9GIN140Nvozka/GF+XLXH
V+Hfa1HV2CJ+/ByhWHEI8MS2Ym0cBzMb5ehnO8LdxPjqa0FLRBBCFXW1ELxleiAj
4frn2s3vuAF0FU/yWndQk7ha9C8EGJoD+stKgvPbe+yVrWE7+yM82ytBcdu651fA
UFLQfmzJrDjCel16hL1ASj7jrONfP75EpMuMRXA7XYfdaC3QeWey/VgRgn6Dac2A
s7060PjlOsjicJH9KV0xhMM/jqp4Xd54CangOHctHg+0hEYoYGUiVzJrgLiuVQ46
FyZi5QONDFNSIOvMIMQjIm3tupgYICzv5Qo2geww8IHDtkwkLDe+fvqKhKGiTJKO
yqD+eUrS3zkDQO7xKkY5CmkYRagyx5YO19/rtadMMWS7gNXxqz6iUWozd5ksRMBd
Y1uzaxhUHKxVay2+S1+GIBM8z5AUA4hguho+OQYCkUDixEkaJFOfFNtqJ4y/P7EP
UlBQo4piCyVqdBMUlc0I
=fh04
-----END PGP SIGNATURE-----

--Izn7cH1Com+I3R9J--

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Ubuntu Security Notice USN-3262-1

Ubuntu Security Notice USN-3262-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-3262-1

Share This

Ubuntu Security Notice USN-3262-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems