Home Feedly IFTTT USN-2097-1: curl vulnerability

USN-2097-1: curl vulnerability

By
Monday, February 03, 2014
Read
Add Comment

Ubuntu Security Notice USN-2097-1


3rd February, 2014


curl vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 13.10

  • Ubuntu 12.10

  • Ubuntu 12.04 LTS

  • Ubuntu 10.04 LTS


Summary


libcurl could be made to expose sensitive information.


Software description



  • curl - HTTP, HTTPS, and FTP client and client libraries


Details


Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly

reused connections when NTLM authentication was being used. This could lead

to the use of unintended credentials, possibly exposing sensitive

information.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 13.10:

libcurl3-nss 7.32.0-1ubuntu1.3

libcurl3-gnutls 7.32.0-1ubuntu1.3

libcurl3 7.32.0-1ubuntu1.3

Ubuntu 12.10:

libcurl3-nss 7.27.0-1ubuntu1.8

libcurl3-gnutls 7.27.0-1ubuntu1.8

libcurl3 7.27.0-1ubuntu1.8

Ubuntu 12.04 LTS:

libcurl3-nss 7.22.0-3ubuntu4.7

libcurl3-gnutls 7.22.0-3ubuntu4.7

libcurl3 7.22.0-3ubuntu4.7

Ubuntu 10.04 LTS:

libcurl3-gnutls 7.19.7-1ubuntu1.6

libcurl3 7.19.7-1ubuntu1.6


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2014-0015






via Ubuntu Security Notices http://bit.ly/1aXuhbM
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us