Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.10 USN-6718-1: Multiple Issues Identified in Curl Library

ubuntu
Calendar Grey March 27, 2024
Dist Ubuntu Esm H88
Debian Security Advisory DSA-5232-1 highlights vulnerabilities in nginx and provides essential upgrade guidelines for administrators.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Dan Fandrich discovered that curl would incorrectly use the default set of

protocols when a parameter option disabled all protocols without adding

any, contrary to expectations. This issue only affected Ubuntu 23.10.

(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the

amount of headers when HTTP/2 server push is allowed. A remote attacker

could possibly use this issue to cause curl to consume resources, leading

to a denial of service. (CVE-2024-2398)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   curl                            8.2.1-1ubuntu3.3
   libcurl3-gnutls                 8.2.1-1ubuntu3.3
   libcurl3-nss                    8.2.1-1ubuntu3.3
   libcurl4                        8.2.1-1ubuntu3.3

Ubuntu 22.04 LTS:
   curl                            7.81.0-1ubuntu1.16
   libcurl3-gnutls                 7.81.0-1ubuntu1.16
   libcurl3-nss                    7.81.0-1ubuntu1.16
   libcurl4                        7.81.0-1ubuntu1.16

Ubuntu 20.04 LTS:
   curl                            7.68.0-1ubuntu2.22
   libcurl3-gnutls                 7.68.0-1ubuntu2.22
   libcurl3-nss                    7.68.0-1ubuntu2.22
   libcurl4                        7.68.0-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6718-1

CVE-2024-2004, CVE-2024-2398

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6718-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here