========================================================================= Ubuntu Security Notice USN-4129-2 September 12, 2019 curl vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm3 libcurl3 7.35.0-1ubuntu2.20+esm3 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm3 libcurl3-nss 7.35.0-1ubuntu2.20+esm3 Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.27 libcurl3 7.22.0-3ubuntu4.27 libcurl3-gnutls 7.22.0-3ubuntu4.27 libcurl3-nss 7.22.0-3ubuntu4.27 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4129-2 https://usn.ubuntu.com/4129-1 CVE-2019-5482