Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

Ubuntu 14.04 ESM, 16.04 ESM: USN-5499-1 Critical: curl Denial Of Service

ubuntu
Calendar Grey June 30, 2022
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in curl impacting Ubuntu 14.04 and 16.04 Extended Security Maintenance; corrective measures offered for the compromised releases.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Florian Kohnhuser discovered that curl incorrectly handled returning a

TLS server’s certificate chain details. A remote attacker could possibly

use this issue to cause curl to stop responding, resulting in a denial of

service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB

messages. An attacker could possibly use this to perform a

machine-in-the-middle attack. (CVE-2022-32208)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
curl 7.47.0-1ubuntu2.19+esm4
libcurl3 7.47.0-1ubuntu2.19+esm4
libcurl3-gnutls 7.47.0-1ubuntu2.19+esm4
libcurl3-nss 7.47.0-1ubuntu2.19+esm4

Ubuntu 14.04 ESM:
curl 7.35.0-1ubuntu2.20+esm11
libcurl3 7.35.0-1ubuntu2.20+esm11
libcurl3-gnutls 7.35.0-1ubuntu2.20+esm11
libcurl3-nss 7.35.0-1ubuntu2.20+esm11

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5499-1

CVE-2022-27781, CVE-2022-32208

Severity
critical
Lowest
Low
Medium
High
Critical

July 01, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.