USN-1346-1: curl vulnerability
Ubuntu Security Notice USN-1346-1
24th January, 2012
curl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
Summary
curl could be tricked into injecting arbitrary data if it handled a malicious URL.
Software description
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
Dan Fandrich discovered that curl incorrectly handled URLs containing
embedded or percent-encoded control characters. If a user or automated
system were tricked into processing a specially crafted URL, arbitrary
data could be injected.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.10:
- libcurl3-nss 7.21.6-3ubuntu3.2
- libcurl3-gnutls 7.21.6-3ubuntu3.2
- libcurl3 7.21.6-3ubuntu3.2
- Ubuntu 11.04:
- libcurl3-nss 7.21.3-1ubuntu1.5
- libcurl3-gnutls 7.21.3-1ubuntu1.5
- libcurl3 7.21.3-1ubuntu1.5
- Ubuntu 10.10:
- libcurl3-gnutls 7.21.0-1ubuntu1.3
- libcurl3 7.21.0-1ubuntu1.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.