Ubuntu Update For Curl USN-2167-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Steve Holme discovered that libcurl incorrectly reused wrong connections when using protocols other than HTTP and FTP. This could lead to the use of unintended credentials, possibly exposing sensitive information. (CVE-2014-0138) Richard Moore discovered that libcurl incorrectly validated wildcard SSL certificates that contain literal IP addresses. An attacker could possibly exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-0139)

Affected

curl on Ubuntu 13.10 , Ubuntu 12.10 , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2014-0138, CVE-2014-0139
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for dbus USN-1576-2
Ubuntu Update for cmake vulnerabilities USN-890-6
Ubuntu Update for clamav USN-1179-1
Ubuntu Update for curl USN-2048-2
Ubuntu Update for apache2 USN-2299-1

Ubuntu Update for curl USN-2167-1

Take action and discover your vulnerabilities