===========================================================
Ubuntu Security Notice USN-205-1           October 14, 2005
curl, wget vulnerabilities
CAN-2005-3185
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libcurl2
libcurl3
wget

The problem can be corrected by upgrading the affected package to the
following versions:

Ubuntu 4.10:
  libcurl2   7.12.0.is.7.11.2-1ubuntu0.2

Ubuntu 5.04:
  libcurl2   1:7.11.2-12ubuntu3.2
  libcurl3   7.12.3-2ubuntu3.2

Ubuntu 5.10:
  libcurl3   7.14.0-2ubuntu1.1
  wget       1.10-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes. However, if you have the Apache web server
installed, you need to restart it with

  sudo /etc/init.d/apache2 restart

to make sure that Apache uses the updated Curl library.

Details follow:

A buffer overflow has been found in the NTLM authentication handler of
the Curl library and wget. By tricking a user or automatic system that
uses the Curl library, the curl application, or wget into visiting a
specially-crafted web site, a remote attacker could exploit this to
execute arbitrary code with the privileges of the calling user.

The Ubuntu 4.10 and 5.04 versions of wget are not affected by this.