Ubuntu Security Notice USN-5021-1
July 22, 2021
curl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen and Tomas Hoger discovered that curl incorrectly
handled
TELNET connections when the -t option was used on the command
line.
Uninitialized data possibly containing sensitive information could
be sent
to the remote server, contrary to expectations.
(CVE-2021-22898,
CVE-2021-22925)
Harry Sintonen discovered that curl incorrectly reused
connections in the
connection pool. This could result in curl reusing the wrong
connections.
(CVE-2021-22924)
Update instructions:
The problem can be corrected by updating your system to the
following
package versions:
Ubuntu 21.04:
curl 7.74.0-1ubuntu2.1
libcurl3-gnutls 7.74.0-1ubuntu2.1
libcurl3-nss 7.74.0-1ubuntu2.1
libcurl4 7.74.0-1ubuntu2.1
Ubuntu 20.04 LTS:
curl 7.68.0-1ubuntu2.6
libcurl3-gnutls 7.68.0-1ubuntu2.6
libcurl3-nss 7.68.0-1ubuntu2.6
libcurl4 7.68.0-1ubuntu2.6
Ubuntu 18.04 LTS:
curl 7.58.0-2ubuntu3.14
libcurl3-gnutls 7.58.0-2ubuntu3.14
libcurl3-nss 7.58.0-2ubuntu3.14
libcurl4 7.58.0-2ubuntu3.14
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5021-1
CVE-2021-22898, CVE-2021-22924, CVE-2021-22925
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6
https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14
Read more https://packetstormsecurity.com/files/163637/USN-5021-1.txt