USN-3123-1: curl vulnerabilities

3 November 2016

curl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in curl.

Software Description

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141)

Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167)

It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615)

It was discovered that curl incorrect handled case when comparing user names and passwords. A remote attacker with knowledge of a case-insensitive version of the correct password could possibly use this issue to cause a connection to be reused. (CVE-2016-8616)

It was discovered that curl incorrect handled memory when encoding to base64. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8617)

It was discovered that curl incorrect handled memory when preparing formatted output. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8618)

It was discovered that curl incorrect handled memory when performing Kerberos authentication. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8619)

Luật Nguyễn discovered that curl incorrectly handled parsing globs. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8620)

Luật Nguyễn discovered that curl incorrectly handled converting dates. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2016-8621)

It was discovered that curl incorrectly handled URL percent-encoding decoding. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8622)

It was discovered that curl incorrectly handled shared cookies. A remote server could possibly obtain incorrect cookies or other sensitive information. (CVE-2016-8623)

Fernando Muñoz discovered that curl incorrect parsed certain URLs. A remote attacker could possibly use this issue to trick curl into connecting to a different host. (CVE-2016-8624)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10
libcurl3 - 7.50.1-1ubuntu1.1
libcurl3-gnutls - 7.50.1-1ubuntu1.1
libcurl3-nss - 7.50.1-1ubuntu1.1
Ubuntu 16.04 LTS
libcurl3 - 7.47.0-1ubuntu2.2
libcurl3-gnutls - 7.47.0-1ubuntu2.2
libcurl3-nss - 7.47.0-1ubuntu2.2
Ubuntu 14.04 LTS
libcurl3 - 7.35.0-1ubuntu2.10
libcurl3-gnutls - 7.35.0-1ubuntu2.10
libcurl3-nss - 7.35.0-1ubuntu2.10
Ubuntu 12.04 LTS
libcurl3 - 7.22.0-3ubuntu4.17
libcurl3-gnutls - 7.22.0-3ubuntu4.17
libcurl3-nss - 7.22.0-3ubuntu4.17

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References