Ubuntu Security Notice USN-7104-1

==========================================================================
Ubuntu Security Notice USN-7104-1
November 18, 2024

curl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 24.10
– Ubuntu 24.04 LTS
– Ubuntu 22.04 LTS

Summary:

curl could be made to expose sensitive information over the network.

Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl could overwrite the HSTS expiry of the parent
domain with the subdomain’s HSTS entry. This could lead to curl switching
back to insecure HTTP earlier than otherwise intended, resulting in
information exposure.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
curl 8.9.1-2ubuntu2.1
libcurl3t64-gnutls 8.9.1-2ubuntu2.1
libcurl4t64 8.9.1-2ubuntu2.1

Ubuntu 24.04 LTS
curl 8.5.0-2ubuntu10.5
libcurl3t64-gnutls 8.5.0-2ubuntu10.5
libcurl4t64 8.5.0-2ubuntu10.5

Ubuntu 22.04 LTS
curl 7.81.0-1ubuntu1.19
libcurl3-gnutls 7.81.0-1ubuntu1.19
libcurl3-nss 7.81.0-1ubuntu1.19
libcurl4 7.81.0-1ubuntu1.19

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7104-1
CVE-2024-9681

Package Information:
https://launchpad.net/ubuntu/+source/curl/8.9.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.5
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.19

نوشته های مشابه