
Ubuntu 22.04: USN-6429-3 Critical Curl Fixes for Code Execution

ubuntu
October 17, 2023
Important patches for curl security flaws impacting Ubuntu 22.04 and 23.04. Discover additional details regarding these vulnerabilities.

Summary

Several security issues were fixed in curl.

Software Description:

Details:

USN-6429-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 23.10.

Original advisory details:

Jay Satiro discovered that curl incorrectly handled hostnames when using a SOCKS5 proxy. In environments where curl is configured to use a SOCKS5 proxy, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-38545)

It was discovered that curl incorrectly handled cookies when an application duplicated certain handles. A local attacker could possibly create a cookie file and inject arbitrary cookies into subsequent connections. (CVE-2023-38546)
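
To gauge exposure to CVE-2023-38545, the following script (an added example, not part of the Ubuntu notice) lists where curl is configured to use a SOCKS5 proxy, either through its proxy environment variables or through a curlrc file. The sample curlrc and its host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of USN-6429-3): list where curl is told to use a
# SOCKS5 proxy, the configuration the CVE-2023-38545 paragraph refers to.

# Succeeds when the given proxy URL uses a SOCKS5 scheme (socks5:// or socks5h://).
is_socks5_url() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        socks5://*|socks5h://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report curl's proxy environment variables that point at a SOCKS5 proxy.
# Only the variable name and scheme are printed, so proxy credentials stay out of logs.
scan_env() {
    for name in ALL_PROXY all_proxy HTTPS_PROXY https_proxy http_proxy; do
        eval "val=\${$name:-}"   # names come from the fixed list above
        if is_socks5_url "$val"; then
            printf 'env %s scheme=%s\n' "$name" "${val%%://*}"
        fi
    done
}

# Print "line:text" for every curlrc entry that selects a SOCKS5 proxy.
# curlrc accepts options with or without leading dashes, separated from the
# value by whitespace, "=" or ":"; comment lines start with "#".
scan_curlrc() {
    [ -r "$1" ] || return 0
    grep -Ein \
        -e '^[[:space:]]*(-x|(--)?(pre)?proxy)[[:space:]=:]+"?socks5h?://' \
        -e '^[[:space:]]*(--)?socks5(-hostname)?[[:space:]=:]' "$1" || true
}

# Constructed sample curlrc (hypothetical hosts), scanned when run directly.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proxy = "socks5h://proxy.example:1080"
--socks5-hostname proxy.example:1080
proxy = http://proxy.example:3128
# socks5 = disabled.example
EOF
scan_curlrc "$sample"
rm -f "$sample"
scan_env
```

To check a real account, call `scan_curlrc "${CURL_HOME:-$HOME}/.curlrc"` and `scan_env` in the context of the user or service that runs curl.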

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6429-3

https://ubuntu.com/security/notices/USN-6429-1

CVE-2023-38545, CVE-2023-38546

Severity
critical

Ubuntu Security Notice USN-6429-3

Package Information
