Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 16.04 ESM: USN-4910-1 Moderate: wget Sensitive Data Exposure

ubuntu
Calendar Grey April 7, 2021
Dist Ubuntu Esm H88
Debian Security Alert DSA-4823-1 uncovers a wget flaw that risks disclosing confidential data across network channels.
curl could be made to expose sensitive information over the network.

Summary

curl could be made to expose sensitive information over the

network.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Viktor Szakats discovered that curl did not strip off user credentials

from referrer header fields. A remote attacker could possibly use this

issue to obtain sensitive information.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  curl                            7.35.0-1ubuntu2.20+esm7
  libcurl3                        7.35.0-1ubuntu2.20+esm7
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm7
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm7

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-4903-1

  CVE-2021-22876

Severity
important
Lowest
Low
Medium
High
Critical

April 07, 2021

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here