LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: curl regression Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This update fixes the problem. We apologize for the inconvenience.
===========================================================
Ubuntu Security Notice USN-726-2             March 04, 2009
curl regression
https://launchpad.net/bugs/337501
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  libcurl3                        7.18.2-1ubuntu4.3
  libcurl3-gnutls                 7.18.2-1ubuntu4.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression
was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This
update fixes the problem. We apologize for the inconvenience.

Original advisory details:

 It was discovered that curl did not enforce any restrictions when following
 URL redirects. If a user or automated system were tricked into opening a URL to
 an untrusted server, an attacker could use redirects to gain access to abitrary
 files. This update changes curl behavior to prevent following "file" URLs after
 a redirect.


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.diff.gz
      Size/MD5:    22444 f03a34d199a3dfe6862d4f93b6704e10
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3.dsc
      Size/MD5:     1491 906af0232a5e1c0a02e921eb508eff57
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2.orig.tar.gz
      Size/MD5:  2273077 4fe99398a64a34613c9db7bd61bf6e3c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:   210392 605f35f7ab21dc4ed16205f73f5ce335
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:  1124818 52b6531b8d0ba56e47844b90faaa7d88
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:   216220 700b648d0e4b4346da9dd4ba9421962f
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:   223312 58580fc77cdd1a93439ee92875aee1fc
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:   926208 16822154e80a941fd4305169d7979379
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_amd64.deb
      Size/MD5:   933192 ae5cc0e338e4f2d9f43ceac6c92303f0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:   209182 e34d8187746e820d6328fdc4540e7e73
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:  1092044 3d9e9bf04f0dd77c09ff967ce0822011
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:   212674 bdad3624169c184cdee7153dfdc61a16
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:   219586 e9b3008f8cb5047b326b4d3f1f6e0323
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:   899702 6dd63d112bdc8055636b2c8edfdd24a2
    http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_i386.deb
      Size/MD5:   905420 ff0b8f23fd90555ffe215698ac644cdf

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:   208850 1c452ad9122b12518bf1b5c8b3996c3b
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:  1099132 7735bb7e7c240be1a5f9ee749a67eb6e
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:   210934 5f3eea9bf9eece8f91200332c6f41b6a
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:   217456 eebef9ad6914c70cb38b0fa08875233c
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:   898570 21805c5b24e9477670aad07d167d56ab
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_lpia.deb
      Size/MD5:   903918 90628d272b4301c968ef5cf446c778fe

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:   212598 4003e25fccb2f67b75f451e60d7e9362
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:  1130394 f755328b6c0df8b6963ea39255594cfb
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:   223766 b72e7008472791b08bba97fc57857f1b
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:   229632 d891ef64864441ba7f2496c29b57d49a
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:   925530 35c2284ab719cb773592ea4bc8679af6
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_powerpc.deb
      Size/MD5:   931828 f29cf3a604d660801e1b011fa409af90

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:   209654 b25b0908a500fb1c6ba5e9af876249ac
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:  1072608 7c3c67a9fcd09e1807a22d6ba110790e
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:   209368 cb36362b891401548905671dee5057db
    http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:   214076 49e05a9531109bcc7cbbce75adb29681
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-dev_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:   904932 56300cb1c407a1b90d23b72a22df0b56
    http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl-dev_7.18.2-1ubuntu4.3_sparc.deb
      Size/MD5:   909964 92dc9ddcf638da3dcac80c7f90373b10



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.