Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Ubuntu: 2097-1 Moderate Vulnerability in libcurl Authentication

Calendar Feb 03, 2014 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate authentication information exposure ubuntu curl libcurl
libcurl could be made to expose sensitive information. 
=========================================================================Ubuntu Security Notice USN-2097-1
February 03, 2014

curl vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

libcurl could be made to expose sensitive information.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
  libcurl3                        7.32.0-1ubuntu1.3
  libcurl3-gnutls                 7.32.0-1ubuntu1.3
  libcurl3-nss                    7.32.0-1ubuntu1.3

Ubuntu 12.10:
  libcurl3                        7.27.0-1ubuntu1.8
  libcurl3-gnutls                 7.27.0-1ubuntu1.8
  libcurl3-nss                    7.27.0-1ubuntu1.8

Ubuntu 12.04 LTS:
  libcurl3                        7.22.0-3ubuntu4.7
  libcurl3-gnutls                 7.22.0-3ubuntu4.7
  libcurl3-nss                    7.22.0-3ubuntu4.7

Ubuntu 10.04 LTS:
  libcurl3                        7.19.7-1ubuntu1.6
  libcurl3-gnutls                 7.19.7-1ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2097-1
  CVE-2014-0015

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.32.0-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/curl/7.27.0-1ubuntu1.8
  https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.7
  https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.6

Ubuntu: 2097-1 Moderate Vulnerability in libcurl Authentication

ubuntu
Calendar Grey February 3, 2014
Dist Ubuntu Esm H88
Ensure your Ubuntu system is secure from curl vulnerabilities that may jeopardize your sensitive data. Execute the necessary commands to apply recent security updates
libcurl could be made to expose sensitive information.

Summary

Topics%20covered

Topics Covered

security advisory moderate authentication information exposure ubuntu curl libcurl

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libcurl3 7.32.0-1ubuntu1.3 libcurl3-gnutls 7.32.0-1ubuntu1.3 libcurl3-nss 7.32.0-1ubuntu1.3 Ubuntu 12.10: libcurl3 7.27.0-1ubuntu1.8 libcurl3-gnutls 7.27.0-1ubuntu1.8 libcurl3-nss 7.27.0-1ubuntu1.8 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.7 libcurl3-gnutls 7.22.0-3ubuntu4.7 libcurl3-nss 7.22.0-3ubuntu4.7 Ubuntu 10.04 LTS: libcurl3 7.19.7-1ubuntu1.6 libcurl3-gnutls 7.19.7-1ubuntu1.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2097-1

CVE-2014-0015

February 03, 2014

Topics%20covered

Topics Covered

security advisory moderate authentication information exposure ubuntu curl libcurl

Package Information

https://launchpad.net/ubuntu/+source/curl/7.32.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.27.0-1ubuntu1.8 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.7 https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here