
Security vulnerabilities in the curl software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-3554-1
January 31, 2018

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly handled certain data. An
attacker could possibly use this to cause a denial of service or even
to get access to sensitive data. This issue only affected Ubuntu 16.04
LTS and Ubuntu 17.10.

It was discovered that curl could accidentally leak authentication
data. An attacker could possibly use this to get access to sensitive
information. (CVE-2018-1000007)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  curl                            7.55.1-1ubuntu2.3
  libcurl3                        7.55.1-1ubuntu2.3
  libcurl3-gnutls                 7.55.1-1ubuntu2.3
  libcurl3-nss                    7.55.1-1ubuntu2.3

Ubuntu 16.04 LTS:
  curl                            7.47.0-1ubuntu2.6
  libcurl3                        7.47.0-1ubuntu2.6
  libcurl3-gnutls                 7.47.0-1ubuntu2.6
  libcurl3-nss                    7.47.0-1ubuntu2.6

Ubuntu 14.04 LTS:
  curl                            7.35.0-1ubuntu2.14
  libcurl3                        7.35.0-1ubuntu2.14
  libcurl3-gnutls                 7.35.0-1ubuntu2.14
  libcurl3-nss                    7.35.0-1ubuntu2.14

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3554-1
  CVE-2018-1000005, CVE-2018-1000007

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.55.1-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.6
  https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.14

==========================================================================
Ubuntu Security Notice USN-3554-2
February 01, 2018

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

curl could be made to expose sensitive information.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-3554-1 fixed vulnerabilities in curl.  This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that curl could accidentally leak authentication
 data. An attacker could possibly use this to get access to sensitive
 information. (CVE-2018-1000007)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  curl                            7.22.0-3ubuntu4.20
  libcurl3                        7.22.0-3ubuntu4.20
  libcurl3-gnutls                 7.22.0-3ubuntu4.20
  libcurl3-nss                    7.22.0-3ubuntu4.20

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3554-2
  https://www.ubuntu.com/usn/usn-3554-1
  CVE-2018-1000007

Author: Petar Bertok
CERT ID: NCERT-REF-2018-02-0002-ADV
CVE: CERT-CVE-DUMMY
Original ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/