Ubuntu Security Notice USN-726-2 - USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to arbitrary files. This update changes curl behavior to prevent following "file" URLs after a redirect.
f5a7df32f5ce2e525d6748cb5ce65cbafa95dd0c4c28e280fdc022870b5adcca===========================================================
Ubuntu Security Notice USN-726-2 March 04, 2009
curl regression
https://launchpad.net/bugs/337501
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
libcurl3 7.18.2-1ubuntu4.3
libcurl3-gnutls 7.18.2-1ubuntu4.3
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression
was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This
update fixes the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to abitrary
files. This update changes curl behavior to prevent following "file" URLs after
a redirect.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.diff.gz
Size/MD5: 22444 f03a34d199a3dfe6862d4f93b6704e10
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.dsc
Size/MD5: 1491 906af0232a5e1c0a02e921eb508eff57
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2.orig.tar.gz
Size/MD5: 2273077 4fe99398a64a34613c9db7bd61bf6e3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 210392 605f35f7ab21dc4ed16205f73f5ce335
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 1124818 52b6531b8d0ba56e47844b90faaa7d88
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 216220 700b648d0e4b4346da9dd4ba9421962f
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 223312 58580fc77cdd1a93439ee92875aee1fc
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 926208 16822154e80a941fd4305169d7979379
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_amd64.deb
Size/MD5: 933192 ae5cc0e338e4f2d9f43ceac6c92303f0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 209182 e34d8187746e820d6328fdc4540e7e73
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 1092044 3d9e9bf04f0dd77c09ff967ce0822011
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 212674 bdad3624169c184cdee7153dfdc61a16
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 219586 e9b3008f8cb5047b326b4d3f1f6e0323
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 899702 6dd63d112bdc8055636b2c8edfdd24a2
http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_i386.deb
Size/MD5: 905420 ff0b8f23fd90555ffe215698ac644cdf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 208850 1c452ad9122b12518bf1b5c8b3996c3b
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 1099132 7735bb7e7c240be1a5f9ee749a67eb6e
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 210934 5f3eea9bf9eece8f91200332c6f41b6a
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 217456 eebef9ad6914c70cb38b0fa08875233c
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 898570 21805c5b24e9477670aad07d167d56ab
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_lpia.deb
Size/MD5: 903918 90628d272b4301c968ef5cf446c778fe
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 212598 4003e25fccb2f67b75f451e60d7e9362
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 1130394 f755328b6c0df8b6963ea39255594cfb
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 223766 b72e7008472791b08bba97fc57857f1b
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 229632 d891ef64864441ba7f2496c29b57d49a
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 925530 35c2284ab719cb773592ea4bc8679af6
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_powerpc.deb
Size/MD5: 931828 f29cf3a604d660801e1b011fa409af90
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 209654 b25b0908a500fb1c6ba5e9af876249ac
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 1072608 7c3c67a9fcd09e1807a22d6ba110790e
http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 209368 cb36362b891401548905671dee5057db
http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 214076 49e05a9531109bcc7cbbce75adb29681
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 904932 56300cb1c407a1b90d23b72a22df0b56
http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_sparc.deb
Size/MD5: 909964 92dc9ddcf638da3dcac80c7f90373b10
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed