Ubuntu Security Notice USN-3262-1

April 20, 2017



curl vulnerability

A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04



Summary:



Applications using curl could allow unintended access over the network.



Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries



Details:

It was discovered that curl incorrectly handled client certificates when
resuming a TLS session. A remote attacker could use this to hijack a
previously authenticated connection.



Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  curl 7.52.1-4ubuntu1.1
  libcurl3 7.52.1-4ubuntu1.1
  libcurl3-gnutls 7.52.1-4ubuntu1.1
  libcurl3-nss 7.52.1-4ubuntu1.1



In general, a standard system update will make all the necessary changes.



References:

http://www.ubuntu.com/usn/usn-3262-1

CVE-2017-7468



Package Information:

https://launchpad.net/ubuntu/+source/curl/7.52.1-4ubuntu1.1





