Home / mailings

PDF

[USN-3262-1] curl vulnerability

Posted on 21 April 2017
Ubuntu Security

--===============7856902267640121050==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature"; boundary="Izn7cH1Com+I3R9J"
Content-Disposition: inline


--Izn7cH1Com+I3R9J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-3262-1
April 20, 2017

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04

Summary:

Applications using curl could allow unintended access over the network.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly handled client certificates when
resuming a TLS session. A remote attacker could use this to hijack a
previously authenticated connection.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
curl 7.52.1-4ubuntu1.1
libcurl3 7.52.1-4ubuntu1.1
libcurl3-gnutls 7.52.1-4ubuntu1.1
libcurl3-nss 7.52.1-4ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3262-1
CVE-2017-7468

Package Information:
https://launchpad.net/ubuntu/+source/curl/7.52.1-4ubuntu1.1

 

TOP