Ubuntu Security Notice USN-6944-2
Ubuntu Security Notice 6944-2 - USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.
==========================================================================
Ubuntu Security Notice USN-6944-2
August 20, 2024

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

curl could be made to crash or expose information if it received specially
crafted network traffic.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. This update provides the corresponding fix for
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

 Dov Murik discovered that curl incorrectly handled parsing ASN.1
 Generalized Time fields. A remote attacker could use this issue to cause
 curl to crash, resulting in a denial of service, or possibly obtain
 sensitive memory contents.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  curl                            7.58.0-2ubuntu3.24+esm5
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.58.0-2ubuntu3.24+esm5
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.58.0-2ubuntu3.24+esm5
                                  Available with Ubuntu Pro
  libcurl4                        7.58.0-2ubuntu3.24+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  curl                            7.47.0-1ubuntu2.19+esm13
                                  Available with Ubuntu Pro
  libcurl3                        7.47.0-1ubuntu2.19+esm13
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm13
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm13
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  curl                            7.35.0-1ubuntu2.20+esm18
                                  Available with Ubuntu Pro
  libcurl3                        7.35.0-1ubuntu2.20+esm18
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm18
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm18
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6944-2
  https://ubuntu.com/security/notices/USN-6944-1
  CVE-2024-7264
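
Checking a host inventory against the fixed versions in the update instructions above needs Debian version ordering, because plain string comparison ranks "+esm9" above "+esm13". The following is an added example, not part of the notice or of any Ubuntu tool: a simplified reimplementation of that ordering (it assumes well-formed version strings), with the hypothetical helper names compare_versions and is_patched.

```python
import re

# Fixed versions and package names copied from the USN-6944-2 update instructions.
FIXED = {
    "18.04": ("7.58.0-2ubuntu3.24+esm5", "curl libcurl3-gnutls libcurl3-nss libcurl4"),
    "16.04": ("7.47.0-1ubuntu2.19+esm13", "curl libcurl3 libcurl3-gnutls libcurl3-nss"),
    "14.04": ("7.35.0-1ubuntu2.20+esm18", "curl libcurl3 libcurl3-gnutls libcurl3-nss"),
}

def _order(ch):
    # Weight of one non-digit character: '~' sorts first, letters before other symbols.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate between text runs (compared by weight) and digit runs (compared as integers).
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            wa = _order(ta[i]) if i < len(ta) else 0  # end of run weighs 0
            wb = _order(tb[i]) if i < len(tb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def compare_versions(v1, v2):
    """Return -1, 0 or 1, comparing epoch, then upstream version, then revision."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, package, installed):
    """True if the installed version is at or above the fix listed for this release."""
    fixed, packages = FIXED[release]
    if package not in packages.split():
        raise KeyError(f"{package} is not listed for Ubuntu {release} in the notice")
    return compare_versions(installed, fixed) >= 0
```

On the host itself, `dpkg-query -W -f='${Version}' curl` reports the installed version and `dpkg --compare-versions` is the authoritative comparison.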
Related news
Red Hat Security Advisory 2024-7726-03 - Red Hat OpenShift Service Mesh Containers for 2.6.2. Issues addressed include code execution and denial of service vulnerabilities.
Ubuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.