-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmVwibUACgkQZWnYVadE
vpMAwA/+LYcHPncVgWksLN4nb/HZkGmPg/498CvKN/OaGUCumKiQhLTvbjVGOhOB
m2LAxpAwZ5OEATFfkfINLbezXdA2ooXkhpxOj6PVwBCnBYWMc7QvXqAo0/R1x+Fy
lbuuGaXfWAO/f7bxmKotZFm9qepKfnEdxG2FirEDEscmSbuW5fZ/Hb3zKt6KZtlZ
LEbEbghD7EzDJQzhOTfvjf5b7nErecPWv+m4hu/iqQ5gBxZ8qog0KXINZTaZ4z7+
yKJS079OF91qP4o4wcdNkUF0flxSprU/9dxNU9uEp84qnK5IlazLKsRhBEg5EUm9
IIh/yxnvls4h7T9021ci0aE/L9A871efaSw7y+mK2rA+s4FPcr6VFQNeQvCO8BZF
pQ/Y2eKvj6+NJoJO8HlgZzrF+t4jUofsFnVbpWHiSyi/eo9J+OmzCiV/jKdlAyi4
/CO0YcBP8uma/cCPM8mgwM5Pr0UVafPF1V9aCQ0lRFW6JI2NOPNjn2f/i/ceBsLc
xU2sKf6xQpOlNwXLbT19dDgO7g7otU6hsDV5TkohuHKTSSDAnZ3EV6FETMXrge/+
5DPHzeZPOHwtfcYajVIrjBeXSyO0kayFWttmfSgotefrG/VPNY6LMg436aV5oYzd
UHWTnuZsnS3xqk211dy2047QWJBeYkcO1sqcTk4Mmi5NTJqHTyI=
=A4RI
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6535-1
December 06, 2023
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled mixed case cookie
domains. A remote attacker could possibly use this issue to set cookies
that get sent to different and unrelated sites and domains.
(CVE-2023-46218)
Maksymilian Arciemowicz discovered that curl incorrectly handled long file
names when saving HSTS data. This could result in curl losing HSTS data,
and subsequent requests to a site would be done without it, contrary to
expectations. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
(CVE-2023-46219)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
curl 8.2.1-1ubuntu3.2
libcurl3-gnutls 8.2.1-1ubuntu3.2
libcurl3-nss 8.2.1-1ubuntu3.2
libcurl4 8.2.1-1ubuntu3.2
Ubuntu 23.04:
curl 7.88.1-8ubuntu2.4
libcurl3-gnutls 7.88.1-8ubuntu2.4
libcurl3-nss 7.88.1-8ubuntu2.4
libcurl4 7.88.1-8ubuntu2.4
Ubuntu 22.04 LTS:
curl 7.81.0-1ubuntu1.15
libcurl3-gnutls 7.81.0-1ubuntu1.15
libcurl3-nss 7.81.0-1ubuntu1.15
libcurl4 7.81.0-1ubuntu1.15
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.21
libcurl3-gnutls 7.68.0-1ubuntu2.21
libcurl3-nss 7.68.0-1ubuntu2.21
libcurl4 7.68.0-1ubuntu2.21
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6535-1
CVE-2023-46218, CVE-2023-46219
Package Information:
https://launchpad.net/ubuntu/+source/curl/8.2.1-1ubuntu3.2
https://launchpad.net/ubuntu/+source/curl/7.88.1-8ubuntu2.4
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.15
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.21
No comments:
Post a Comment