============================================================================ Ubuntu Security Notice USN-2474-1 January 15, 2015 curl vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: curl could be tricked into adding arbitrary requests when following certain URLs. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.2 libcurl3-gnutls 7.37.1-1ubuntu3.2 libcurl3-nss 7.37.1-1ubuntu3.2 Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.3 libcurl3-gnutls 7.35.0-1ubuntu2.3 libcurl3-nss 7.35.0-1ubuntu2.3 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.12 libcurl3-gnutls 7.22.0-3ubuntu4.12 libcurl3-nss 7.22.0-3ubuntu4.12 Ubuntu 10.04 LTS: libcurl3 7.19.7-1ubuntu1.11 libcurl3-gnutls 7.19.7-1ubuntu1.11 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2474-1 CVE-2014-8150 Package Information: https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.12 https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.11