Ubuntu Update For Curl USN-2346-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. (CVE-2014-3613) Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites. (CVE-2014-3620)

Affected

curl on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS , Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002659.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3613, CVE-2014-3620
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for apache2 vulnerabilities USN-499-1
Ubuntu Update for cups USN-2341-1
Ubuntu Update for aptdaemon vulnerability USN-1068-1
Ubuntu Update for cinder USN-2405-1
Ubuntu Update for apr-util vulnerability USN-1022-1

Ubuntu Update for curl USN-2346-1

Take action and discover your vulnerabilities