
Security flaw in the curl software package

  • OS details: LUB
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2097-1
February 03, 2014

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

libcurl could be made to expose sensitive information.

Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly
reused connections when NTLM authentication was being used. This could lead
to the use of unintended credentials, possibly exposing sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libcurl3 7.32.0-1ubuntu1.3
libcurl3-gnutls 7.32.0-1ubuntu1.3
libcurl3-nss 7.32.0-1ubuntu1.3

Ubuntu 12.10:
libcurl3 7.27.0-1ubuntu1.8
libcurl3-gnutls 7.27.0-1ubuntu1.8
libcurl3-nss 7.27.0-1ubuntu1.8

Ubuntu 12.04 LTS:
libcurl3 7.22.0-3ubuntu4.7
libcurl3-gnutls 7.22.0-3ubuntu4.7
libcurl3-nss 7.22.0-3ubuntu4.7

Ubuntu 10.04 LTS:
libcurl3 7.19.7-1ubuntu1.6
libcurl3-gnutls 7.19.7-1ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2097-1
CVE-2014-0015

Package Information:
https://launchpad.net/ubuntu/+source/curl/7.32.0-1ubuntu1.3
https://launchpad.net/ubuntu/+source/curl/7.27.0-1ubuntu1.8
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.7
https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.6


Author: Tomislav Protega
Cert ID: NCERT-REF-2014-02-0010-ADV
CVE: CVE-2014-0015
Source ID: USN-2097-1
Product: curl
Source: http://www.ubuntu.com