Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Hiroki Kurosawa discovered that curl incorrectly handled validating certain
certificate wildcards. A remote attacker could possibly use this issue to
spoof certain website certificates using IDN hosts. (CVE-2023-28321)
Hiroki Kurosawa discovered that curl incorrectly handled callbacks when
certain options are set by applications. This could cause applications
using curl to misbehave, resulting in information disclosure, or a denial
of service. (CVE-2023-28322)
It was discovered that curl incorrectly handled saving cookies to files. A
local attacker could possibly use this issue to create or overwrite files.
This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: curl 7.88.1-8ubuntu2.1 libcurl3-gnutls 7.88.1-8ubuntu2.1 libcurl3-nss 7.88.1-8ubuntu2.1 libcurl4 7.88.1-8ubuntu2.1 Ubuntu 22.10: curl 7.85.0-1ubuntu0.6 libcurl3-gnutls 7.85.0-1ubuntu0.6 libcurl3-nss 7.85.0-1ubuntu0.6 libcurl4 7.85.0-1ubuntu0.6 Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.11 libcurl3-gnutls 7.81.0-1ubuntu1.11 libcurl3-nss 7.81.0-1ubuntu1.11 libcurl4 7.81.0-1ubuntu1.11 Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.19 libcurl3-gnutls 7.68.0-1ubuntu2.19 libcurl3-nss 7.68.0-1ubuntu2.19 libcurl4 7.68.0-1ubuntu2.19 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6237-1
CVE-2023-28321, CVE-2023-28322, CVE-2023-32001
Get the latest Linux and open source security news straight to your inbox.