Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Ubuntu 17.04 USN-3262-1 Moderate: Curl Network Access Threat

Calendar Apr 21, 2017 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate severity ubuntu curl network access tls
Applications using curl could allow unintended access over the network. 
=========================================================================Ubuntu Security Notice USN-3262-1
April 20, 2017

curl vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Applications using curl could allow unintended access over the network.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly handled client certificates when
resuming a TLS session. A remote attacker could use this to hijack a
previously authenticated connection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  curl                            7.52.1-4ubuntu1.1
  libcurl3                        7.52.1-4ubuntu1.1
  libcurl3-gnutls                 7.52.1-4ubuntu1.1
  libcurl3-nss                    7.52.1-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  
  CVE-2017-7468

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.52.1-4ubuntu1.1

Ubuntu 17.04 USN-3262-1 Moderate: Curl Network Access Threat

ubuntu
Calendar Grey April 21, 2017
Dist Ubuntu Esm H88
Ubuntu Security Alert USN-3262-1 addresses a curl vulnerability that enables unauthorized network access stemming from improper TLS handling.
Applications using curl could allow unintended access over the network.

Summary

Topics%20covered

Topics Covered

security advisory moderate severity ubuntu curl network access tls

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: curl 7.52.1-4ubuntu1.1 libcurl3 7.52.1-4ubuntu1.1 libcurl3-gnutls 7.52.1-4ubuntu1.1 libcurl3-nss 7.52.1-4ubuntu1.1 In general, a standard system update will make all the necessary changes.

References

CVE-2017-7468

April 20, 2017

Topics%20covered

Topics Covered

security advisory moderate severity ubuntu curl network access tls

Package Information

https://launchpad.net/ubuntu/+source/curl/7.52.1-4ubuntu1.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here