Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 24.04 LTS USN-6718-3 Moderate: Curl Denial of Service Advisory

ubuntu
Calendar Grey April 29, 2024
Dist Ubuntu Esm H88
Stay informed about recent curl vulnerabilities impacting Ubuntu 24.04 LTS, crucial for upholding your system's security integrity.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6718-1 fixed vulnerabilities in curl. This update provides the

corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Dan Fandrich discovered that curl would incorrectly use the default set of

protocols when a parameter option disabled all protocols without adding

any, contrary to expectations. This issue only affected Ubuntu 23.10.

(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the

amount of headers when HTTP/2 server push is allowed. A remote attacker

could possibly use this issue to cause curl to consume resources, leading

to a denial of service. (CVE-2024-2398)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   curl                            8.5.0-2ubuntu10.1
   libcurl3t64-gnutls              8.5.0-2ubuntu10.1
   libcurl4t64                     8.5.0-2ubuntu10.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6718-3

https://ubuntu.com/security/notices/USN-6718-1

CVE-2024-2004, CVE-2024-2398

Ubuntu Security Notice USN-6718-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here