===========================================================
Ubuntu Security Notice USN-228-1          December 12, 2005
curl vulnerability
CVE-2005-4077
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libcurl2
libcurl3

The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.3 (for Ubuntu 4.10), 7.12.3-2ubuntu3.5 (libcurl3 for Ubuntu 5.04), 1:7.11.2-12ubuntu3.3 (libcurl2 for Ubuntu 5.04), or 7.14.0-2ubuntu1.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Stefan Esser discovered several buffer overflows in the handling of URLs. By attempting to load a URL with a specially crafted invalid hostname, a local attacker could exploit this to execute arbitrary code with the privileges of the application that uses the cURL library.

It is not possible to trick cURL into loading a malicious URL with an HTTP redirect, so this vulnerability was usually not exploitable remotely. However, it could be exploited locally to e.g. circumvent PHP security restrictions.
Updated packages for Ubuntu 4.10, Ubuntu 5.04 and Ubuntu 5.10 (source archives and amd64, i386 and powerpc binaries) are published at http://security.ubuntu.com/ubuntu/pool/.