Ubuntu Security Notice USN-6944-2
2024-8-21 20:49:6 Author: packetstormsecurity.com(查看原文) 阅读量:3 收藏

==========================================================================
Ubuntu Security Notice USN-6944-2
August 20, 2024

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

curl could be made to crash or expose information if it received specially
crafted network traffic.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. This update provides the corresponding fix for
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Dov Murik discovered that curl incorrectly handled parsing ASN.1
Generalized Time fields. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly obtain
sensitive memory contents.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
curl 7.58.0-2ubuntu3.24+esm5
Available with Ubuntu Pro
libcurl3-gnutls 7.58.0-2ubuntu3.24+esm5
Available with Ubuntu Pro
libcurl3-nss 7.58.0-2ubuntu3.24+esm5
Available with Ubuntu Pro
libcurl4 7.58.0-2ubuntu3.24+esm5
Available with Ubuntu Pro

Ubuntu 16.04 LTS
curl 7.47.0-1ubuntu2.19+esm13
Available with Ubuntu Pro
libcurl3 7.47.0-1ubuntu2.19+esm13
Available with Ubuntu Pro
libcurl3-gnutls 7.47.0-1ubuntu2.19+esm13
Available with Ubuntu Pro
libcurl3-nss 7.47.0-1ubuntu2.19+esm13
Available with Ubuntu Pro

Ubuntu 14.04 LTS
curl 7.35.0-1ubuntu2.20+esm18
Available with Ubuntu Pro
libcurl3 7.35.0-1ubuntu2.20+esm18
Available with Ubuntu Pro
libcurl3-gnutls 7.35.0-1ubuntu2.20+esm18
Available with Ubuntu Pro
libcurl3-nss 7.35.0-1ubuntu2.20+esm18
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6944-2
https://ubuntu.com/security/notices/USN-6944-1
CVE-2024-7264


文章来源: https://packetstormsecurity.com/files/180301/USN-6944-2.txt
如有侵权请联系:admin#unsafe.sh