A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libcurl2 libcurl2-gssapi
The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.