Ubuntu Security Notice USN-6429-2

Ubuntu Security Notice USN-6429-2: Posted Oct 12, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6429-2 - USN-6429-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2023-38546; SHA-256 | 211a76272374a882b7a467a4ffd2ecb79519a76199cb3aad13e8f2d5864a2e82; Download | Favorite | View

Ubuntu Security Notice USN-6429-2

==========================================================================
Ubuntu Security Notice USN-6429-2
October 11, 2023

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6429-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that curl incorrectly handled cookies when an application
 duplicated certain handles. A local attacker could possibly create a cookie
 file and inject arbitrary cookies into subsequent connections.
 (CVE-2023-38546)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  curl                            7.58.0-2ubuntu3.24+esm2
  libcurl3-gnutls                 7.58.0-2ubuntu3.24+esm2
  libcurl3-nss                    7.58.0-2ubuntu3.24+esm2
  libcurl4                        7.58.0-2ubuntu3.24+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  curl                            7.47.0-1ubuntu2.19+esm10
  libcurl3                        7.47.0-1ubuntu2.19+esm10
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm10
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm10

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  curl                            7.35.0-1ubuntu2.20+esm17
  libcurl3                        7.35.0-1ubuntu2.20+esm17
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm17
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6429-2
  https://ubuntu.com/security/notices/USN-6429-1
  CVE-2023-38546

Top Authors In Last 30 Days

Red Hat 260 files
Ubuntu 90 files
indoushka 64 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 15 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,090)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,646)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,729)
UNIX (9,433)
UnixWare (187)
Windows (6,670)
Other

Ubuntu Security Notice USN-6429-2

Ubuntu Security Notice USN-6429-2

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-6429-2

Share This

Ubuntu Security Notice USN-6429-2

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems