Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Ubuntu 22.04 LTS: USN-5495-1 Critical: Curl Denial Of Service

Calendar Jun 27, 2022 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service critical information exposure ubuntu curl
Several security issues were fixed in curl. 
=========================================================================Ubuntu Security Notice USN-5495-1
June 27, 2022

curl vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)

Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)

Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-diddle attack.
(CVE-2022-32208)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  curl                            7.81.0-1ubuntu1.3
  libcurl3-gnutls                 7.81.0-1ubuntu1.3
  libcurl3-nss                    7.81.0-1ubuntu1.3
  libcurl4                        7.81.0-1ubuntu1.3

Ubuntu 21.10:
  curl                            7.74.0-1.3ubuntu2.3
  libcurl3-gnutls                 7.74.0-1.3ubuntu2.3
  libcurl3-nss                    7.74.0-1.3ubuntu2.3
  libcurl4                        7.74.0-1.3ubuntu2.3

Ubuntu 20.04 LTS:
  curl                            7.68.0-1ubuntu2.12
  libcurl3-gnutls                 7.68.0-1ubuntu2.12
  libcurl3-nss                    7.68.0-1ubuntu2.12
  libcurl4                        7.68.0-1ubuntu2.12

Ubuntu 18.04 LTS:
  curl                            7.58.0-2ubuntu3.19
  libcurl3-gnutls                 7.58.0-2ubuntu3.19
  libcurl3-nss                    7.58.0-2ubuntu3.19
  libcurl4                        7.58.0-2ubuntu3.19

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5495-1
  CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3
  https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12
  https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19

Ubuntu 22.04 LTS: USN-5495-1 Critical: Curl Denial Of Service

ubuntu
Calendar Grey June 27, 2022
Dist Ubuntu Esm H88
Essential enhancements for curl targeting various security vulnerabilities in all active Ubuntu LTS editions.
Several security issues were fixed in curl.

Summary

Topics%20covered

Topics Covered

security advisory denial of service critical information exposure ubuntu curl

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3 Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5495-1

CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208

Severity
critical
Lowest
Low
Medium
High
Critical

June 27, 2022

Topics%20covered

Topics Covered

security advisory denial of service critical information exposure ubuntu curl

Package Information

https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here