Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP
credentials when subsequently connecting to the same host over HTTP.
(CVE-2015-3143)
Hanno Böck discovered that curl incorrectly handled zero-length host names.
If a user or automated system were tricked into using a specially crafted
host name, an attacker could possibly use this issue to cause curl to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04.
(CVE-2015-3144)
Hanno Böck discovered that curl incorrectly handled cookie path elements.
If a user or automated system were tricked into parsing a specially crafted
cookie, an attacker could possibly use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only a...
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2 Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4 Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2591-1
CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148,
CVE-2015-3153
Get the latest Linux and open source security news straight to your inbox.