USN-6944-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-6944-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6944-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6944-2

Related

Published

2024-08-20T18:15:39.870484Z

Modified

2024-08-20T18:15:39.870484Z

Summary

curl vulnerability

Details

USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

References

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name: curl
Purl: pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm18?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.35.0-1ubuntu2.20+esm18

Affected versions

7.*

7.32.0-1ubuntu1

7.33.0-1ubuntu1

7.34.0-1ubuntu1

7.35.0-1ubuntu1

7.35.0-1ubuntu2

7.35.0-1ubuntu2.1

7.35.0-1ubuntu2.2

7.35.0-1ubuntu2.3

7.35.0-1ubuntu2.5

7.35.0-1ubuntu2.6

7.35.0-1ubuntu2.7

7.35.0-1ubuntu2.8

7.35.0-1ubuntu2.9

7.35.0-1ubuntu2.10

7.35.0-1ubuntu2.11

7.35.0-1ubuntu2.12

7.35.0-1ubuntu2.13

7.35.0-1ubuntu2.14

7.35.0-1ubuntu2.15

7.35.0-1ubuntu2.16

7.35.0-1ubuntu2.17

7.35.0-1ubuntu2.19

7.35.0-1ubuntu2.20

7.35.0-1ubuntu2.20+esm3

7.35.0-1ubuntu2.20+esm4

7.35.0-1ubuntu2.20+esm5

7.35.0-1ubuntu2.20+esm6

7.35.0-1ubuntu2.20+esm7

7.35.0-1ubuntu2.20+esm8

7.35.0-1ubuntu2.20+esm9

7.35.0-1ubuntu2.20+esm10

7.35.0-1ubuntu2.20+esm11

7.35.0-1ubuntu2.20+esm12

7.35.0-1ubuntu2.20+esm13

7.35.0-1ubuntu2.20+esm14

7.35.0-1ubuntu2.20+esm15

7.35.0-1ubuntu2.20+esm16

7.35.0-1ubuntu2.20+esm17

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "curl-udeb": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-gnutls-dev": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-nss": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-doc": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-gnutls-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-openssl-dev": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-openssl-dev-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "curl-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "curl": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-udeb": "7.35.0-1ubuntu2.20+esm18",
            "curl-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-nss-dev-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-gnutls": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-gnutls-dev-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-nss-dbgsym": "7.35.0-1ubuntu2.20+esm18",
            "libcurl3-dbg": "7.35.0-1ubuntu2.20+esm18",
            "libcurl4-nss-dev": "7.35.0-1ubuntu2.20+esm18"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / curl

Package

Name: curl
Purl: pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm13?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.19+esm13

Affected versions

7.*

7.43.0-1ubuntu2

7.45.0-1ubuntu1

7.46.0-1ubuntu1

7.47.0-1ubuntu1

7.47.0-1ubuntu2

7.47.0-1ubuntu2.1

7.47.0-1ubuntu2.2

7.47.0-1ubuntu2.3

7.47.0-1ubuntu2.4

7.47.0-1ubuntu2.5

7.47.0-1ubuntu2.6

7.47.0-1ubuntu2.7

7.47.0-1ubuntu2.8

7.47.0-1ubuntu2.9

7.47.0-1ubuntu2.11

7.47.0-1ubuntu2.12

7.47.0-1ubuntu2.13

7.47.0-1ubuntu2.14

7.47.0-1ubuntu2.15

7.47.0-1ubuntu2.16

7.47.0-1ubuntu2.18

7.47.0-1ubuntu2.19

7.47.0-1ubuntu2.19+esm1

7.47.0-1ubuntu2.19+esm2

7.47.0-1ubuntu2.19+esm3

7.47.0-1ubuntu2.19+esm4

7.47.0-1ubuntu2.19+esm5

7.47.0-1ubuntu2.19+esm6

7.47.0-1ubuntu2.19+esm7

7.47.0-1ubuntu2.19+esm8

7.47.0-1ubuntu2.19+esm9

7.47.0-1ubuntu2.19+esm10

7.47.0-1ubuntu2.19+esm11

7.47.0-1ubuntu2.19+esm12

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "libcurl3": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-gnutls-dev": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-nss": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-doc": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-gnutls-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-openssl-dev": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-openssl-dev-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "curl-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "curl": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-nss-dev-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-gnutls": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-gnutls-dev-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-nss-dbgsym": "7.47.0-1ubuntu2.19+esm13",
            "libcurl3-dbg": "7.47.0-1ubuntu2.19+esm13",
            "libcurl4-nss-dev": "7.47.0-1ubuntu2.19+esm13"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / curl

Package

Name: curl
Purl: pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.24+esm5?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.58.0-2ubuntu3.24+esm5

Affected versions

7.*

7.55.1-1ubuntu2

7.55.1-1ubuntu2.1

7.57.0-1ubuntu1

7.58.0-2ubuntu1

7.58.0-2ubuntu2

7.58.0-2ubuntu3

7.58.0-2ubuntu3.1

7.58.0-2ubuntu3.2

7.58.0-2ubuntu3.3

7.58.0-2ubuntu3.5

7.58.0-2ubuntu3.6

7.58.0-2ubuntu3.7

7.58.0-2ubuntu3.8

7.58.0-2ubuntu3.9

7.58.0-2ubuntu3.10

7.58.0-2ubuntu3.12

7.58.0-2ubuntu3.13

7.58.0-2ubuntu3.14

7.58.0-2ubuntu3.15

7.58.0-2ubuntu3.16

7.58.0-2ubuntu3.17

7.58.0-2ubuntu3.18

7.58.0-2ubuntu3.19

7.58.0-2ubuntu3.20

7.58.0-2ubuntu3.21

7.58.0-2ubuntu3.22

7.58.0-2ubuntu3.23

7.58.0-2ubuntu3.24

7.58.0-2ubuntu3.24+esm1

7.58.0-2ubuntu3.24+esm2

7.58.0-2ubuntu3.24+esm3

7.58.0-2ubuntu3.24+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "curl-dbgsym": "7.58.0-2ubuntu3.24+esm5",
            "curl": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4-gnutls-dev": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4-dbgsym": "7.58.0-2ubuntu3.24+esm5",
            "libcurl3-nss": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4-doc": "7.58.0-2ubuntu3.24+esm5",
            "libcurl3-nss-dbgsym": "7.58.0-2ubuntu3.24+esm5",
            "libcurl3-gnutls": "7.58.0-2ubuntu3.24+esm5",
            "libcurl3-gnutls-dbgsym": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4-openssl-dev": "7.58.0-2ubuntu3.24+esm5",
            "libcurl4-nss-dev": "7.58.0-2ubuntu3.24+esm5"
        }
    ]
}