Headline
Ubuntu Security Notice USN-6718-3
Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
==========================================================================
Ubuntu Security Notice USN-6718-3
April 29, 2024

curl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in curl.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

 Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. (CVE-2024-2004)

 It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2024-2398)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  curl                 8.5.0-2ubuntu10.1
  libcurl3t64-gnutls   8.5.0-2ubuntu10.1
  libcurl4t64          8.5.0-2ubuntu10.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6718-3
  https://ubuntu.com/security/notices/USN-6718-1
  CVE-2024-2004, CVE-2024-2398

Package Information:
  https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.1
Related news
Red Hat Security Advisory 2024-7213-03 - Updated service-interconnect container images are now available for Service Interconnect 1.4 LTS for RHEL 9.
Gentoo Linux Security Advisory 202409-20 - Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure. Versions greater than or equal to 8.7.1 are affected.
Red Hat Security Advisory 2024-3998-03 - An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.