==========================================================
Ubuntu Security Notice USN-818-1            August 17, 2009
curl vulnerability
CVE-2009-2417
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libcurl3                        7.15.1-1ubuntu3.2

Ubuntu 8.04 LTS:
  libcurl3                        7.18.0-1ubuntu2.2

Ubuntu 8.10:
  libcurl3                        7.18.2-1ubuntu4.4

Ubuntu 9.04:
  libcurl3                        7.18.2-8ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Scott Cantor discovered that Curl did not correctly handle SSL
certificates with zero bytes in the Common Name.  A remote attacker could
exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications.
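
The class of check described above, as an added example (not curl's or
Ubuntu's code): a Common Name held as a length-counted byte string is compared
against the expected host name, first as a C string and then with the zero
byte rejected. The function names, host names and sample CN bytes are
constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed samples: CN bytes as carried in a certificate, where the
   length comes from the ASN.1 encoding and not from a terminating zero. */
static const unsigned char CN_CLEAN[]    = "www.example.com";
static const unsigned char CN_EMBEDDED[] = "www.example.com\0.other.example";
#define CN_CLEAN_LEN    (sizeof(CN_CLEAN) - 1)
#define CN_EMBEDDED_LEN (sizeof(CN_EMBEDDED) - 1)

/* Flawed pattern: the CN is handed to a C string function, so the
   comparison stops at the first zero byte and ignores what follows. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len; /* the encoded length is never consulted */
    return strcasecmp((const char *)cn, host) == 0;
}

/* Checked pattern: a CN containing a zero byte, or whose encoded length
   differs from the host name length, is rejected before any comparison. */
int cn_matches_checked(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_len == 0 || memchr(cn, 0, cn_len) != NULL)
        return 0;
    if (cn_len != strlen(host))
        return 0;
    return strncasecmp((const char *)cn, host, cn_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("clean CN:    naive=%d checked=%d\n",
           cn_matches_naive(CN_CLEAN, CN_CLEAN_LEN, host),
           cn_matches_checked(CN_CLEAN, CN_CLEAN_LEN, host));
    printf("embedded \\0: naive=%d checked=%d\n",
           cn_matches_naive(CN_EMBEDDED, CN_EMBEDDED_LEN, host),
           cn_matches_checked(CN_EMBEDDED, CN_EMBEDDED_LEN, host));
    return 0;
}
```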


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:


Updated packages for Ubuntu 9.04:

