Explore top 10 tips to secure your open-source projects now. Read More
×
curl could crash if it received a specially crafted POST
operations after PUT operations.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm6 libcurl3 7.47.0-1ubuntu2.19+esm6 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm6 libcurl3-nss 7.47.0-1ubuntu2.19+esm6 Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm13 libcurl3 7.35.0-1ubuntu2.20+esm13 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm13 libcurl3-nss 7.35.0-1ubuntu2.20+esm13 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5702-2
https://ubuntu.com/security/notices/USN-5702-1
CVE-2022-32221
Get the latest Linux and open source security news straight to your inbox.