Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 634
Alerts This Week
Warning Icon 1 634

Ubuntu 14.04 ESM: USN-4129-2 Critical Curl Code Execution Risk

ubuntu
Calendar Grey September 12, 2019
Dist Ubuntu Esm H88
A critical vulnerability in the curl library for Ubuntu ESM has been found, requiring swift action to address memory handling issues and secure systems
curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers.

Summary

curl could be made to crash or possibly execute arbitrary code

if it incorrectly handled memory during TFTP transfers.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-4129-1 fixed a vulnerability in curl. This update provides

the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

Thomas Vegas discovered that curl incorrectly handled memory during TFTP

transfers. A remote attacker could use this issue to crash curl, resulting

in a denial of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  curl                            7.35.0-1ubuntu2.20+esm3
  libcurl3                        7.35.0-1ubuntu2.20+esm3
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm3
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm3

Ubuntu 12.04 ESM:
  curl                            7.22.0-3ubuntu4.27
  libcurl3                        7.22.0-3ubuntu4.27
  libcurl3-gnutls                 7.22.0-3ubuntu4.27
  libcurl3-nss                    7.22.0-3ubuntu4.27

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4129-1

CVE-2019-5482

Severity
critical
Lowest
Low
Medium
High
Critical

September 12, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.