Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6944-1

Ubuntu Security Notice 6944-1 - Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

Packet Storm
#vulnerability#ubuntu#dos#ssl
==========================================================================Ubuntu Security Notice USN-6944-1August 05, 2024curl vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:curl could be made to crash or expose information if it received speciallycrafted network traffic.Software Description:- curl: HTTP, HTTPS, and FTP client and client librariesDetails:Dov Murik discovered that curl incorrectly handled parsing ASN.1Generalized Time fields. A remote attacker could use this issue to causecurl to crash, resulting in a denial of service, or possibly obtainsensitive memory contents.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   curl                            8.5.0-2ubuntu10.2   libcurl3t64-gnutls              8.5.0-2ubuntu10.2   libcurl4t64                     8.5.0-2ubuntu10.2Ubuntu 22.04 LTS   curl                            7.81.0-1ubuntu1.17   libcurl3-gnutls                 7.81.0-1ubuntu1.17   libcurl3-nss                    7.81.0-1ubuntu1.17   libcurl4                        7.81.0-1ubuntu1.17Ubuntu 20.04 LTS   curl                            7.68.0-1ubuntu2.23   libcurl3-gnutls                 7.68.0-1ubuntu2.23   libcurl3-nss                    7.68.0-1ubuntu2.23   libcurl4                        7.68.0-1ubuntu2.23In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6944-1   CVE-2024-7264Package Information:   https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.2   https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.17   https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.23

Related news

Red Hat Security Advisory 2024-7726-03

Red Hat Security Advisory 2024-7726-03 - Red Hat OpenShift Service Mesh Containers for 2.6.2. Issues addressed include code execution and denial of service vulnerabilities.

Ubuntu Security Notice USN-6944-2

Ubuntu Security Notice 6944-2 - USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution