• curl vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, August 19, 2020 12:10:06
    curl vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    curl could be made to expose sensitive information over the
    network.

    Software Description

    * curl - HTTP, HTTPS, and FTP client and client libraries

    Details

    Marc Aldorasi discovered that curl incorrectly handled the libcurl
    CURLOPT_CONNECT_ONLY option. This could result in data being sent
    to the wrong destination, possibly exposing sensitive information.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    curl - 7.68.0-1ubuntu2.2
    libcurl3-gnutls - 7.68.0-1ubuntu2.2
    libcurl3-nss - 7.68.0-1ubuntu2.2
    libcurl4 - 7.68.0-1ubuntu2.2

    Ubuntu 18.04 LTS
    curl - 7.58.0-2ubuntu3.10
    libcurl3-gnutls - 7.58.0-2ubuntu3.10
    libcurl3-nss - 7.58.0-2ubuntu3.10
    libcurl4 - 7.58.0-2ubuntu3.10

    Ubuntu 16.04 LTS
    curl - 7.47.0-1ubuntu2.16
    libcurl3 - 7.47.0-1ubuntu2.16
    libcurl3-gnutls - 7.47.0-1ubuntu2.16
    libcurl3-nss - 7.47.0-1ubuntu2.16

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-8231

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Thursday, August 20, 2020 12:10:01
    curl vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM

    Summary

    curl could be made to expose sensitive information over the
    network.

    Software Description

    * curl - HTTP, HTTPS, and FTP client and client libraries

    Details

    USN-4466-1 fixed a vulnerability in curl. This update provides the
    corresponding update for Ubuntu 14.04 ESM.

    Original advisory details:

    Marc Aldorasi discovered that curl incorrectly handled the libcurl
    CURLOPT_CONNECT_ONLY option. This could result in data being sent
    to the wrong destination, possibly exposing sensitive information.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    curl - 7.35.0-1ubuntu2.20+esm5
    libcurl3-gnutls - 7.35.0-1ubuntu2.20+esm5
    libcurl3-nss - 7.35.0-1ubuntu2.20+esm5

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4466-1
    * CVE-2020-8231

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
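A check for the fixed versions listed in the two advisories above, added here as an example and not part of the original posts. It reimplements the Debian version ordering that `dpkg --compare-versions` applies, so that `3.8` sorts before `3.10` and the `+esm5` suffix sorts after the bare revision. The function names and the sample inventory are constructed for illustration; real input would come from the host's package database, for instance `dpkg-query -W`.

```python
import re
# Fixed versions from the two advisories above, keyed by Ubuntu release.
FIXED = {
    "20.04": ("7.68.0-1ubuntu2.2", ("curl", "libcurl3-gnutls", "libcurl3-nss", "libcurl4")),
    "18.04": ("7.58.0-2ubuntu3.10", ("curl", "libcurl3-gnutls", "libcurl3-nss", "libcurl4")),
    "16.04": ("7.47.0-1ubuntu2.16", ("curl", "libcurl3", "libcurl3-gnutls", "libcurl3-nss")),
    "14.04": ("7.35.0-1ubuntu2.20+esm5", ("curl", "libcurl3-gnutls", "libcurl3-nss")),
}

def _order(c):
    # dpkg character order: '~' lowest, letters by code point, other symbols after letters.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (compared by _order, end of string = 0) and digit runs (as integers).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca = _order(na[i]) if i < len(na) else 0
            cb = _order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Compare two Debian version strings; returns -1, 0 or 1."""
    parts = []
    for v in (v1, v2):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        parts.append((int(epoch), upstream, rev))
    (e1, u1, r1), (e2, u2, r2) = parts
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, installed):
    """Return the affected packages in `installed` that are older than the fixed version."""
    fixed, names = FIXED[release]
    return sorted(p for p in names if p in installed and deb_cmp(installed[p], fixed) < 0)

# Constructed sample inventory for an 18.04 host (not taken from the advisory).
SAMPLE = {"curl": "7.58.0-2ubuntu3.8", "libcurl4": "7.58.0-2ubuntu3.10", "bash": "4.4.18-2ubuntu1"}
print(unpatched("18.04", SAMPLE))
```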