Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Ubuntu 14.04 ESM: USN-4466-2 High: curl Information Exposure Risk

ubuntu
Calendar Grey August 20, 2020
Dist Ubuntu Esm H88
Ubuntu 14.04 LTS ESM patch addresses curl vulnerabilities that threaten user data security.
curl could be made to expose sensitive information over the network.

Summary

curl could be made to expose sensitive information over the network.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-4466-1 fixed a vulnerability in curl. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Marc Aldorasi discovered that curl incorrectly handled the libcurl

CURLOPT_CONNECT_ONLY option. This could result in data being sent to the

wrong destination, possibly exposing sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  curl                            7.35.0-1ubuntu2.20+esm5
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm5
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4466-2

https://ubuntu.com/security/notices/USN-4466-1

CVE-2020-8231

August 20, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here