Ubuntu Security Notice USN-7104-1
==========================================================================
Ubuntu Security Notice USN-7104-1
November 18, 2024
curl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 24.10
– Ubuntu 24.04 LTS
– Ubuntu 22.04 LTS
Summary:
curl could be made to expose sensitive information over the network.
Software Description:
– curl: HTTP, HTTPS, and FTP client and client libraries
Details:
It was discovered that curl could overwrite the HSTS expiry of the parent
domain with the subdomain’s HSTS entry. This could lead to curl switching
back to insecure HTTP earlier than otherwise intended, resulting in
information exposure.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
curl 8.9.1-2ubuntu2.1
libcurl3t64-gnutls 8.9.1-2ubuntu2.1
libcurl4t64 8.9.1-2ubuntu2.1
Ubuntu 24.04 LTS
curl 8.5.0-2ubuntu10.5
libcurl3t64-gnutls 8.5.0-2ubuntu10.5
libcurl4t64 8.5.0-2ubuntu10.5
Ubuntu 22.04 LTS
curl 7.81.0-1ubuntu1.19
libcurl3-gnutls 7.81.0-1ubuntu1.19
libcurl3-nss 7.81.0-1ubuntu1.19
libcurl4 7.81.0-1ubuntu1.19
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7104-1
CVE-2024-9681
Package Information:
https://launchpad.net/ubuntu/+source/curl/8.9.1-2ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.5
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.19