Ubuntu 5702-2: curl vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5702-2
October 26, 2022

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

curl could crash if it received a specially crafted POST
operations after PUT operations.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

 Robby Simpson discovered that curl incorrectly handled certain POST
 operations after PUT operations. This issue could cause applications using
 curl to send the wrong data, perform incorrect memory operations, or crash.
 (CVE-2022-32221)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  curl                            7.47.0-1ubuntu2.19+esm6
  libcurl3                        7.47.0-1ubuntu2.19+esm6
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm6
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm6

Ubuntu 14.04 ESM:
  curl                            7.35.0-1ubuntu2.20+esm13
  libcurl3                        7.35.0-1ubuntu2.20+esm13
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm13
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5702-2
  https://ubuntu.com/security/notices/USN-5702-1
  CVE-2022-32221

Ubuntu 5702-2: curl vulnerability

October 26, 2022

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: curl could crash if it received a specially crafted POST operations after PUT operations. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm6 libcurl3 7.47.0-1ubuntu2.19+esm6 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm6 libcurl3-nss 7.47.0-1ubuntu2.19+esm6 Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm13 libcurl3 7.35.0-1ubuntu2.20+esm13 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm13 libcurl3-nss 7.35.0-1ubuntu2.20+esm13 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5702-2

https://ubuntu.com/security/notices/USN-5702-1

CVE-2022-32221

Severity
Ubuntu Security Notice USN-5702-2

Package Information

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.