Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 615
Alerts This Week
Warning Icon 1 615

Ubuntu 22.04 LTS USN-6237-2: Curl Regression Correction Details

ubuntu
Calendar Grey July 19, 2023
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-6237-2 details a curl issue impacting Ubuntu 22.04, addressing critical vulnerabilities.
USN-6237-1 introduced a regression in curl.

Summary

USN-6237-1 introduced a regression in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate

wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the

problem.

We apologize for the inconvenience.

Original advisory details:

Hiroki Kurosawa discovered that curl incorrectly handled validating certain

certificate wildcards. A remote attacker could possibly use this issue to

spoof certain website certificates using IDN hosts. (CVE-2023-28321)

Hiroki Kurosawa discovered that curl incorrectly handled callbacks when

certain options are set by applications. This could cause applications

using curl to misbehave, resulting in information disclosure, or a denial

of service. (CVE-2023-28322)

It was discovered that curl incorrectly handled saving cookies to files. A

local attacker could possibly use this issue to create o...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   curl                            7.81.0-1ubuntu1.13
   libcurl3-gnutls                 7.81.0-1ubuntu1.13
   libcurl3-nss                    7.81.0-1ubuntu1.13
   libcurl4                        7.81.0-1ubuntu1.13

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6237-2

https://ubuntu.com/security/notices/USN-6237-1

https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2028170

Severity
important
Lowest
Low
Medium
High
Critical

July 19, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.