USN-5702-2: curl vulnerability
26 October 2022
curl could crash if it received a specially crafted POST operations after PUT operations.
Releases
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libcurl3-gnutls
-
7.47.0-1ubuntu2.19+esm6
Available with Ubuntu Pro
-
libcurl3-nss
-
7.47.0-1ubuntu2.19+esm6
Available with Ubuntu Pro
-
libcurl3
-
7.47.0-1ubuntu2.19+esm6
Available with Ubuntu Pro
-
curl
-
7.47.0-1ubuntu2.19+esm6
Available with Ubuntu Pro
Ubuntu 14.04
-
libcurl3-gnutls
-
7.35.0-1ubuntu2.20+esm13
Available with Ubuntu Pro
-
libcurl3-nss
-
7.35.0-1ubuntu2.20+esm13
Available with Ubuntu Pro
-
libcurl3
-
7.35.0-1ubuntu2.20+esm13
Available with Ubuntu Pro
-
curl
-
7.35.0-1ubuntu2.20+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5702-1: libcurl3-nss, libcurl4-doc, libcurl4, curl, libcurl4-openssl-dev, libcurl4-nss-dev, libcurl4-gnutls-dev, libcurl3-gnutls
- USN-5823-1: mysql-testsuite-5.7, mysql-server-core-5.7, mysql-server-5.7, libmysqld-dev, libmysqlclient20, mysql-source-8.0, mysql-5.7, mysql-server-core-8.0, mysql-8.0, libmysqlclient21, mysql-server-8.0, mysql-client-core-5.7, mysql-client-core-8.0, libmysqlclient-dev, mysql-testsuite, mysql-client-8.0, mysql-client, mysql-server, mysql-testsuite-8.0, mysql-client-5.7, mysql-router, mysql-source-5.7