[USN-1894-1] curl vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 2 13:51:48 UTC 2013

Ubuntu Security Notice USN-1894-1
July 02, 2013

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS


libcurl could be made to crash or run programs as your login if it received
specially crafted input.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries


Timo Sirainen discovered that libcurl incorrectly handled memory when
parsing URL encoded strings. An attacker could possibly use this issue to
cause libcurl to crash, leading to a denial of service, or execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  libcurl3                        7.29.0-1ubuntu3.1
  libcurl3-gnutls                 7.29.0-1ubuntu3.1
  libcurl3-nss                    7.29.0-1ubuntu3.1

Ubuntu 12.10:
  libcurl3                        7.27.0-1ubuntu1.3
  libcurl3-gnutls                 7.27.0-1ubuntu1.3
  libcurl3-nss                    7.27.0-1ubuntu1.3

Ubuntu 12.04 LTS:
  libcurl3                        7.22.0-3ubuntu4.2
  libcurl3-gnutls                 7.22.0-3ubuntu4.2
  libcurl3-nss                    7.22.0-3ubuntu4.2

Ubuntu 10.04 LTS:
  libcurl3                        7.19.7-1ubuntu1.3
  libcurl3-gnutls                 7.19.7-1ubuntu1.3

In general, a standard system update will make all the necessary changes.


Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20130702/bc09ff73/attachment.sig>

More information about the ubuntu-security-announce mailing list