Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

Ubuntu 12.04 ESM USN-3598-2 Important: Curl Denial of Service Issues

ubuntu
Calendar Grey May 24, 2018
Scroller Ubuntu
A number of vulnerabilities in curl were addressed to mitigate DoS and remote code execution threats in Ubuntu 12.04 ESM.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-3598-1 fixed a vulnerability in curl. This update provides

the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Phan Thanh discovered that curl incorrectly handled certain FTP paths.

 An attacker could use this to cause a denial of service or possibly

 execute arbitrary code. (CVE-2018-1000120)

 Dario Weisser discovered that curl incorrectly handled certain LDAP

 URLs. An attacker could possibly use this issue to cause a denial of

 service. (CVE-2018-1000121)

 Max Dymond discovered that curl incorrectly handled certain RTSP data.

 An attacker could possibly use this to cause a denial of service or

 even to get access to sensitive data. (CVE-2018-1000122)

 Max Dymond discovered that curl incorrectly handled certain RTSP

 responses. If a user or automated system were tricked into conn...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  curl                            7.22.0-3ubuntu4.21
  libcurl3                        7.22.0-3ubuntu4.21
  libcurl3-gnutls                 7.22.0-3ubuntu4.21
  libcurl3-nss                    7.22.0-3ubuntu4.21

In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-3598-2

 

  CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301

Severity
important
Lowest
Low
Medium
High
Critical

May 24, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.