Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

Ubuntu 16.04 ESM USN-5702-2 Critical Curl POST Crash Advisory

ubuntu
Calendar Grey October 26, 2022
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-5702-2 has disclosed a vulnerability in curl affecting Ubuntu 14.04 and 16.04 ESM. Urgent measures are required.
curl could crash if it received a specially crafted POST operations after PUT operations.

Summary

curl could crash if it received a specially crafted POST

operations after PUT operations.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-5702-1 fixed a vulnerability in curl. This update provides

the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Robby Simpson discovered that curl incorrectly handled certain POST

operations after PUT operations. This issue could cause applications using

curl to send the wrong data, perform incorrect memory operations, or crash.

(CVE-2022-32221)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  curl                            7.47.0-1ubuntu2.19+esm6
  libcurl3                        7.47.0-1ubuntu2.19+esm6
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm6
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm6

Ubuntu 14.04 ESM:
  curl                            7.35.0-1ubuntu2.20+esm13
  libcurl3                        7.35.0-1ubuntu2.20+esm13
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm13
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5702-2

https://ubuntu.com/security/notices/USN-5702-1

CVE-2022-32221

Severity
critical
Lowest
Low
Medium
High
Critical

October 26, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.