Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 506
Alerts This Week
Warning Icon 1 506

Ubuntu 22.10 USN-5702-1 Critical: Curl Service Disruption

ubuntu
Calendar Grey October 26, 2022
Dist Ubuntu Esm H88
Debian Security Bulletin DSA-4875-1 addresses vulnerabilities in curl across various releases; immediate update is recommended.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Robby Simpson discovered that curl incorrectly handled certain POST

operations after PUT operations. This issue could cause applications using

curl to send the wrong data, perform incorrect memory operations, or crash.

(CVE-2022-32221)

Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc

files. If an attacker were able to provide a specially crafted .netrc file,

this issue could cause curl to crash, resulting in a denial of service.

This issue only affected Ubuntu 22.10. (CVE-2022-35260)

It was discovered that curl incorrectly handled certain HTTP proxy return

codes. A remote attacker could use this issue to cause curl to crash,

resulting in a denial of service, or possibly execute arbitrary code. This

issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915)

Hiroki Kurosawa discovered that...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   curl                            7.85.0-1ubuntu0.1
   libcurl3-gnutls                 7.85.0-1ubuntu0.1
   libcurl3-nss                    7.85.0-1ubuntu0.1
   libcurl4                        7.85.0-1ubuntu0.1

Ubuntu 22.04 LTS:
   curl                            7.81.0-1ubuntu1.6
   libcurl3-gnutls                 7.81.0-1ubuntu1.6
   libcurl3-nss                    7.81.0-1ubuntu1.6
   libcurl4                        7.81.0-1ubuntu1.6

Ubuntu 20.04 LTS:
   curl                            7.68.0-1ubuntu2.14
   libcurl3-gnutls                 7.68.0-1ubuntu2.14
   libcurl3-nss                    7.68.0-1ubuntu2.14
   libcurl4                        7.68.0-1ubuntu2.14

Ubuntu 18.04 LTS:
   curl                            7.58.0-2ubuntu3.21
   libcurl3-gnutls                 7.58.0-2ubuntu3.21
   libcurl3-nss                    7.58.0-2ubuntu3.21
   libcurl4                        7.58.0-2ubuntu3.21

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5702-1

CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916

Severity
critical
Lowest
Low
Medium
High
Critical

October 26, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.