
[USN-2097-1] curl vulnerability

Posted on 03 February 2014
Ubuntu Security

============================================================================
Ubuntu Security Notice USN-2097-1
February 03, 2014

curl vulnerability
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

libcurl could be made to expose sensitive information.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libcurl3 7.32.0-1ubuntu1.3
libcurl3-gnutls 7.32.0-1ubuntu1.3
libcurl3-nss 7.32.0-1ubuntu1.3

Ubuntu 12.10:
libcurl3 7.27.0-1ubuntu1.8
libcurl3-gnutls 7.27.0-1ubuntu1.8
libcurl3-nss 7.27.0-1ubuntu1.8

Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.7
libcurl3-gnutls 7.22.0-3ubuntu4.7
libcurl3-nss 7.22.0-3ubuntu4.7

Ubuntu 10.04 LTS:
libcurl3 7.19.7-1ubuntu1.6
libcurl3-gnutls 7.19.7-1ubuntu1.6

In general, a standard system update will make all the necessary changes.
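
A check built from the version list above, added here as an example and not
part of the Ubuntu notice. The function names are hypothetical, and the
sort -V fallback is an assumption that holds for version strings of this
shape (no epoch):

```shell
#!/bin/sh
# Fixed versions copied from the "Update instructions" list in USN-2097-1,
# keyed by the release number that `lsb_release -rs` prints.
fixed_version() {
    case "$1" in
        13.10) echo "7.32.0-1ubuntu1.3" ;;
        12.10) echo "7.27.0-1ubuntu1.8" ;;
        12.04) echo "7.22.0-3ubuntu4.7" ;;
        10.04) echo "7.19.7-1ubuntu1.6" ;;
        *) return 1 ;;   # release not covered by this notice
    esac
}

# version_ge A B: succeed when package version A is >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback (assumption): GNU sort -V orders these strings like dpkg.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_pkg RELEASE INSTALLED_VERSION: prints patched, vulnerable or unlisted.
check_pkg() {
    want=$(fixed_version "$1") || { echo unlisted; return 0; }
    if version_ge "$2" "$want"; then echo patched; else echo vulnerable; fi
}

# audit: report every libcurl flavour named in the notice that is installed.
audit() {
    rel=$(lsb_release -rs)
    for pkg in libcurl3 libcurl3-gnutls libcurl3-nss; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$ver" ] || continue   # known to dpkg but not installed
        echo "$pkg $ver $(check_pkg "$rel" "$ver")"
    done
}
```

Source the file and run `audit` on the host. Long-running programs that
loaded the old library keep using it until they are restarted.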


References:
http://www.ubuntu.com/usn/usn-2097-1
CVE-2014-0015

Package Information:
https://launchpad.net/ubuntu/+source/curl/7.32.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/curl/7.27.0-1ubuntu1.8
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.7
https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.6

 
