
Ubuntu 11.10: 1346-1 Moderate: Curl Data Injection Risk

curl could be tricked into injecting arbitrary data if it handled a malicious URL.
=========================================================================
Ubuntu Security Notice USN-1346-1
January 24, 2012

curl vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10

Summary:

curl could be tricked into injecting arbitrary data if it handled a
malicious URL.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Dan Fandrich discovered that curl incorrectly handled URLs containing
embedded or percent-encoded control characters. If a user or automated
system were tricked into processing a specially crafted URL, arbitrary
data could be injected.
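
As an added illustration (not part of the Ubuntu notice and not curl's own code), the following C sketch shows a caller-side check that rejects URLs carrying raw or percent-encoded control characters before they are handed to libcurl. The function name `url_check_control_chars`, its return codes and the sample URLs are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    c = (unsigned char)tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* ASCII control range: 0x00-0x1F and 0x7F (covers CR, LF, TAB). */
static int is_ctl(int b) { return b < 0x20 || b == 0x7f; }

/*
 * Hypothetical pre-flight check, not a libcurl API. Returns 0 for a clean URL,
 * 1 for a raw control byte, 2 for a percent-encoded control byte, 3 for a
 * malformed '%' escape (rejected here as a strict-policy assumption).
 * Only one level of percent-decoding is examined.
 */
int url_check_control_chars(const char *url)
{
    for (size_t i = 0; url[i] != '\0'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (is_ctl(c))
            return 1;
        if (c != '%')
            continue;
        int hi = hex_val((unsigned char)url[i + 1]);
        int lo = hi < 0 ? -1 : hex_val((unsigned char)url[i + 2]);
        if (lo < 0)
            return 3;
        if (is_ctl(hi * 16 + lo))
            return 2;
        i += 2; /* skip the two hex digits just decoded */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample URLs, not taken from the advisory. */
    const char *samples[] = { "http://example.com/a%20b",
        "http://example.com/a%0d%0ab", "http://example.com/a\tb",
        "http://example.com/100%" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d  %s\n", url_check_control_chars(samples[i]), samples[i]);
    return 0;
}
```

A check like this is useful for URLs that arrive from untrusted input on systems still running the unpatched packages listed below.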

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
  libcurl3                        7.21.6-3ubuntu3.2
  libcurl3-gnutls                 7.21.6-3ubuntu3.2
  libcurl3-nss                    7.21.6-3ubuntu3.2

Ubuntu 11.04:
  libcurl3                        7.21.3-1ubuntu1.5
  libcurl3-gnutls                 7.21.3-1ubuntu1.5
  libcurl3-nss                    7.21.3-1ubuntu1.5

Ubuntu 10.10:
  libcurl3                        7.21.0-1ubuntu1.3
  libcurl3-gnutls                 7.21.0-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2012-0036

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.21.6-3ubuntu3.2
  https://launchpad.net/ubuntu/+source/curl/7.21.3-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/curl/7.21.0-1ubuntu1.3

