Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.10: USN-4900-1 Moderate: Security Vulnerability in wget

ubuntu
Calendar Grey March 31, 2021
Dist Ubuntu Esm H88
Critical data might be compromised via network channels due to curl flaws impacting various Ubuntu versions.
curl could be made to expose sensitive information over the network.

Summary

curl could be made to expose sensitive information over the network.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Viktor Szakats discovered that curl did not strip off user credentials

from referrer header fields. A remote attacker could possibly use this

issue to obtain sensitive information. (CVE-2021-22876)

Mingtao Yang discovered that curl incorrectly handled session tickets when

using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could

use this issue to bypass certificate checks and intercept communications.

This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10.

(CVE-2021-22890)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  curl                            7.68.0-1ubuntu4.3
  libcurl3-gnutls                 7.68.0-1ubuntu4.3
  libcurl3-nss                    7.68.0-1ubuntu4.3
  libcurl4                        7.68.0-1ubuntu4.3

Ubuntu 20.04 LTS:
  curl                            7.68.0-1ubuntu2.5
  libcurl3-gnutls                 7.68.0-1ubuntu2.5
  libcurl3-nss                    7.68.0-1ubuntu2.5
  libcurl4                        7.68.0-1ubuntu2.5

Ubuntu 18.04 LTS:
  curl                            7.58.0-2ubuntu3.13
  libcurl3-gnutls                 7.58.0-2ubuntu3.13
  libcurl3-nss                    7.58.0-2ubuntu3.13
  libcurl4                        7.58.0-2ubuntu3.13

Ubuntu 16.04 LTS:
  curl                            7.47.0-1ubuntu2.19
  libcurl3                        7.47.0-1ubuntu2.19
  libcurl3-gnutls                 7.47.0-1ubuntu2.19
  libcurl3-nss                    7.47.0-1ubuntu2.19

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4898-1

CVE-2021-22876, CVE-2021-22890

March 31, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here