You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa curl

Sigurnosni nedostatak programskog paketa curl

by - 0

==========================================================================
Ubuntu Security Notice USN-3765-1
September 17, 2018

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

curl could be made to run arbitrary code if it received a specially
crafted input.

Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly handled certain inputs.
An attacker could possibly use this to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  curl                            7.58.0-2ubuntu3.3
  libcurl3-gnutls                 7.58.0-2ubuntu3.3
  libcurl3-nss                    7.58.0-2ubuntu3.3
  libcurl4                        7.58.0-2ubuntu3.3

Ubuntu 16.04 LTS:
  curl                            7.47.0-1ubuntu2.9
  libcurl3                        7.47.0-1ubuntu2.9
  libcurl3-gnutls                 7.47.0-1ubuntu2.9
  libcurl3-nss                    7.47.0-1ubuntu2.9

Ubuntu 14.04 LTS:
  curl                            7.35.0-1ubuntu2.17
  libcurl3                        7.35.0-1ubuntu2.17
  libcurl3-gnutls                 7.35.0-1ubuntu2.17
  libcurl3-nss                    7.35.0-1ubuntu2.17

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3765-1
  CVE-2018-14618

Package Information:
  https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.3
  https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.9
  https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.17—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbn2K2AAoJEEW851uECx9pm8YP/jU7Bp4K5t1nSX6a4cke3gSt
i/G4VcueDSDAI2RRCyMry9e1qHUU96EfkcAiA0DqCW/AVZCd7KUTnXYhiCvyT+sH
k+ZyxXyLBdcW9bbahQOTuuAqRwxsuGJDnSASq/lYP4838rnF/KIp/U3u4IDkVDP4
NqFY1asDSsigdCPF4bfmxpirv5hmTV6dm21J5IbzsM451LP71XswaftHOmbnzuRS
q+Xvv9WL5L3fAxQRMU6hAszbI3IwdXdvsrCxpH6PutzKIw1PGntrLsUBK1I15a94
3nix8RmQ8WN5Xpqo+Z1vTYw8EtNvFFuZ0VwXQt16HQXp7CljMQENbvjvfq4b6TQ3
7qJ75qwyraBHwJA6u/E5qHeTUe1BXG3dEGWNEt0HE1ktZJ3KIY6wU1cwBmd/W5V9
cAQd6EjEyU5hZ1ICBaatcdWIZu6UKe+3u799NKtp4b+l1bwIVvYkkNNWw7zcVAAN
0m/j21O1xX/ErNUL+6XlKS0sRtviFWwBtfDeDZaCSbghvDt+BTUsfxYfa24yCmL5
nKJYb2VS0TJ2YGaprJ8EEGbLyBC1uPpeKi7KshVl2io7bhIaisOV7hHZv1NJ5SjY
h6ajOmA8MCuWYh1qoy/ZhkRzsLJIbVaiZVxkqr/cPy5xxmH4F1QH99Cn/iTxcqLU
8sUJAxhyUH7RJ93bEFZ2
=V8gL
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ghostscript

Otkriven je sigurnosni nedostatak u programskom paketu ghostscript za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close