==========================================================================
Ubuntu Security Notice USN-3765-1
September 17, 2018
curl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
curl could be made to run arbitrary code if it received a specially
crafted input.
Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries
Details:
It was discovered that curl incorrectly handled certain inputs.
An attacker could possibly use this to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.3
libcurl3-gnutls 7.58.0-2ubuntu3.3
libcurl3-nss 7.58.0-2ubuntu3.3
libcurl4 7.58.0-2ubuntu3.3
Ubuntu 16.04 LTS:
curl 7.47.0-1ubuntu2.9
libcurl3 7.47.0-1ubuntu2.9
libcurl3-gnutls 7.47.0-1ubuntu2.9
libcurl3-nss 7.47.0-1ubuntu2.9
Ubuntu 14.04 LTS:
curl 7.35.0-1ubuntu2.17
libcurl3 7.35.0-1ubuntu2.17
libcurl3-gnutls 7.35.0-1ubuntu2.17
libcurl3-nss 7.35.0-1ubuntu2.17
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3765-1
CVE-2018-14618
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.3
https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.9
https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.17—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJbn2K2AAoJEEW851uECx9pm8YP/jU7Bp4K5t1nSX6a4cke3gSt
i/G4VcueDSDAI2RRCyMry9e1qHUU96EfkcAiA0DqCW/AVZCd7KUTnXYhiCvyT+sH
k+ZyxXyLBdcW9bbahQOTuuAqRwxsuGJDnSASq/lYP4838rnF/KIp/U3u4IDkVDP4
NqFY1asDSsigdCPF4bfmxpirv5hmTV6dm21J5IbzsM451LP71XswaftHOmbnzuRS
q+Xvv9WL5L3fAxQRMU6hAszbI3IwdXdvsrCxpH6PutzKIw1PGntrLsUBK1I15a94
3nix8RmQ8WN5Xpqo+Z1vTYw8EtNvFFuZ0VwXQt16HQXp7CljMQENbvjvfq4b6TQ3
7qJ75qwyraBHwJA6u/E5qHeTUe1BXG3dEGWNEt0HE1ktZJ3KIY6wU1cwBmd/W5V9
cAQd6EjEyU5hZ1ICBaatcdWIZu6UKe+3u799NKtp4b+l1bwIVvYkkNNWw7zcVAAN
0m/j21O1xX/ErNUL+6XlKS0sRtviFWwBtfDeDZaCSbghvDt+BTUsfxYfa24yCmL5
nKJYb2VS0TJ2YGaprJ8EEGbLyBC1uPpeKi7KshVl2io7bhIaisOV7hHZv1NJ5SjY
h6ajOmA8MCuWYh1qoy/ZhkRzsLJIbVaiZVxkqr/cPy5xxmH4F1QH99Cn/iTxcqLU
8sUJAxhyUH7RJ93bEFZ2
=V8gL
—–END PGP SIGNATURE—–
—