Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Ubuntu 22.04 LTS: USN-5495-1 Critical: Curl Denial Of Service

ubuntu
Calendar Grey June 27, 2022
Dist Ubuntu Esm H88
Essential enhancements for curl targeting various security vulnerabilities in all active Ubuntu LTS editions.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Harry Sintonen discovered that curl incorrectly handled certain cookies.

An attacker could possibly use this issue to cause a denial of service.

This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.

An attacker could possibly use this issue to cause a denial of service.

(CVE-2022-32206)

Harry Sintonen incorrectly handled certain file permissions.

An attacker could possibly use this issue to expose sensitive information.

This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.

An attacker could possibly use this to perform a machine-in-the-diddle attack.

(CVE-2022-32208)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  curl                            7.81.0-1ubuntu1.3
  libcurl3-gnutls                 7.81.0-1ubuntu1.3
  libcurl3-nss                    7.81.0-1ubuntu1.3
  libcurl4                        7.81.0-1ubuntu1.3

Ubuntu 21.10:
  curl                            7.74.0-1.3ubuntu2.3
  libcurl3-gnutls                 7.74.0-1.3ubuntu2.3
  libcurl3-nss                    7.74.0-1.3ubuntu2.3
  libcurl4                        7.74.0-1.3ubuntu2.3

Ubuntu 20.04 LTS:
  curl                            7.68.0-1ubuntu2.12
  libcurl3-gnutls                 7.68.0-1ubuntu2.12
  libcurl3-nss                    7.68.0-1ubuntu2.12
  libcurl4                        7.68.0-1ubuntu2.12

Ubuntu 18.04 LTS:
  curl                            7.58.0-2ubuntu3.19
  libcurl3-gnutls                 7.58.0-2ubuntu3.19
  libcurl3-nss                    7.58.0-2ubuntu3.19
  libcurl4                        7.58.0-2ubuntu3.19

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5495-1

CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208

Severity
critical
Lowest
Low
Medium
High
Critical

June 27, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.