drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in curl (Aktualisierung)
Name: |
Ausführen beliebiger Kommandos in curl (Aktualisierung) |
|
ID: |
USN-4129-2 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 ESM, Ubuntu 14.04 ESM |
|
Datum: |
Do, 12. September 2019, 23:31 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482 |
|
Applikationen: |
curl |
|
Update von: |
Zwei Probleme in curl |
|
Originalnachricht |
--===============7237862367758335609== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Y7xTucakfITjPcLV" Content-Disposition: inline
--Y7xTucakfITjPcLV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-4129-2 September 12, 2019
curl vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM - Ubuntu 12.04 ESM
Summary:
curl could be made to crash or possibly execute arbitrary code if it incorrectly handled memory during TFTP transfers.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm3 libcurl3 7.35.0-1ubuntu2.20+esm3 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm3 libcurl3-nss 7.35.0-1ubuntu2.20+esm3
Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.27 libcurl3 7.22.0-3ubuntu4.27 libcurl3-gnutls 7.22.0-3ubuntu4.27 libcurl3-nss 7.22.0-3ubuntu4.27
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4129-2 https://usn.ubuntu.com/4129-1 CVE-2019-5482
--Y7xTucakfITjPcLV Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJdeqrjAAoJEEW851uECx9p/cYP/R9IrYCrY9bmSaGwIewxE9z4 h/RIzazk+jpV7BbKvKNQGEMpJY80ttCtJiANH/I2lEUFtitQhWtc8ciRoC3EE0oP EEf0cWsUWvv3QlhDO1D//uvwJDm0tQZRTJW7CVJZmQjz+u+ZhKx3tPp8G6ENt7+S X9+R7kRAsvyW5N6CBwU6HVnTw4sz/hJlmk2tICiOtkPQ2WJZXLrA28+WVVy1m6Fr f8TSble/qrfN4mxRqSR0kZQvTCt8TQR/D5Vxd4O9tjN4t1kwFgPXPL/Kol9zgb8C 6rPS2WGYIxLuVbGRBxysZDJJ6KXmrWp3tXKOmrk1ksgIINfRtr31KVPEfDEG/bEg /b4yU+P0PwPeZYYBkGb+oBIgttf2VmSA03ADL+6XSPuojllvs5v04Zooq/l0t6hY f04j3WHn7/1BroZCX5I71EmrUxAN7C5ZNu4uKc2tADhQY2YQapmOvEtonS9YmorC OGlW/sjduBy4WmnNY4euzs8lLZQHGLYY/S0q857OzAOsOoEmVlJevpPZLDvmzeXq 2lfsSsUa9Kx6VgJggsH8Tl0+DjTUCe6oqePMwKoviAsk9URcr1s12/Y+cM7Md4pw 6AbtQL8OVkPts92CTw+CkwNqFsa03NLo2eL7hj78rGWFRlObemnGSwRKATPedL85 vhmgFMV4RuwVTd8Dhcxs =fyFX -----END PGP SIGNATURE-----
--Y7xTucakfITjPcLV--
--===============7237862367758335609== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
|
|
|
|