USN-5702-2: curl vulnerability
=========================================================================
Ubuntu Security Notice USN-5702-2
October 26, 2022
curl vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
curl could crash if it received a specially crafted POST
operations after PUT operations.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5702-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Robby Simpson discovered that curl incorrectly handled certain POST
operations after PUT operations. This issue could cause applications using
curl to send the wrong data, perform incorrect memory operations, or crash.
(CVE-2022-32221)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
curl 7.47.0-1ubuntu2.19+esm6
libcurl3 7.47.0-1ubuntu2.19+esm6
libcurl3-gnutls 7.47.0-1ubuntu2.19+esm6
libcurl3-nss 7.47.0-1ubuntu2.19+esm6
Ubuntu 14.04 ESM:
curl 7.35.0-1ubuntu2.20+esm13
libcurl3 7.35.0-1ubuntu2.20+esm13
libcurl3-gnutls 7.35.0-1ubuntu2.20+esm13
libcurl3-nss 7.35.0-1ubuntu2.20+esm13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5702-2
https://ubuntu.com/security/notices/USN-5702-1
CVE-2022-32221
A curl security update has been released for Ubuntu Linux 14.04 ESM and 16.04 ESM.