Ubuntu: 1894-1: curl vulnerability
Posted by Benjamin D. Thomas   
Ubuntu libcurl could be made to crash or run programs as your login if it receivedspecially crafted input.
Ubuntu Security Notice USN-1894-1
July 02, 2013

curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS


libcurl could be made to crash or run programs as your login if it received
specially crafted input.

Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries


Timo Sirainen discovered that libcurl incorrectly handled memory when
parsing URL encoded strings. An attacker could possibly use this issue to
cause libcurl to crash, leading to a denial of service, or execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  libcurl3                        7.29.0-1ubuntu3.1
  libcurl3-gnutls                 7.29.0-1ubuntu3.1
  libcurl3-nss                    7.29.0-1ubuntu3.1

Ubuntu 12.10:
  libcurl3                        7.27.0-1ubuntu1.3
  libcurl3-gnutls                 7.27.0-1ubuntu1.3
  libcurl3-nss                    7.27.0-1ubuntu1.3

Ubuntu 12.04 LTS:
  libcurl3                        7.22.0-3ubuntu4.2
  libcurl3-gnutls                 7.22.0-3ubuntu4.2
  libcurl3-nss                    7.22.0-3ubuntu4.2

Ubuntu 10.04 LTS:
  libcurl3                        7.19.7-1ubuntu1.3
  libcurl3-gnutls                 7.19.7-1ubuntu1.3

In general, a standard system update will make all the necessary changes.


Package Information: