Ubuntu: USN-6641-1 Moderate: Curl Cookie Bypass Attacks
ubuntu
February 19, 2024
curl could be made to set cookies that would bypass PSL checks.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: curl could be made to set cookies that would bypass PSL checks. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): curl 7.58.0-2ubuntu3.24+esm3 libcurl3-gnutls 7.58.0-2ubuntu3.24+esm3 libcurl3-nss 7.58.0-2ubuntu3.24+esm3 libcurl4 7.58.0-2ubuntu3.24+esm3 Ubuntu 16.04 LTS (Available with Ubuntu Pro): curl 7.47.0-1ubuntu2.19+esm11 libcurl3 7.47.0-1ubuntu2.19+esm11 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm11 libcurl3-nss 7.47.0-1ubuntu2.19+esm11 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6641-1
CVE-2023-46218
PREVIOUS
NEXT
Ubuntu Security Notice USN-6641-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!