Ubuntu Security Notice 5495-1 - Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS.
1fe65184779786d3ab56c3974f55e77232c7046926fa263b44ad43d6389575e2==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-diddle attack.
(CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.3
libcurl3-gnutls 7.81.0-1ubuntu1.3
libcurl3-nss 7.81.0-1ubuntu1.3
libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10:
curl 7.74.0-1.3ubuntu2.3
libcurl3-gnutls 7.74.0-1.3ubuntu2.3
libcurl3-nss 7.74.0-1.3ubuntu2.3
libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.12
libcurl3-gnutls 7.68.0-1ubuntu2.12
libcurl3-nss 7.68.0-1ubuntu2.12
libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.19
libcurl3-gnutls 7.58.0-2ubuntu3.19
libcurl3-nss 7.58.0-2ubuntu3.19
libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5495-1
CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed