Recent Features
| ||||||||||||||||||||||
Ubuntu alert USN-726-1 (curl)
=========================================================== Ubuntu Security Notice USN-726-1 March 03, 2009 curl vulnerability CVE-2009-0037 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcurl3 7.15.1-1ubuntu3.1 libcurl3-gnutls 7.15.1-1ubuntu3.1 Ubuntu 7.10: libcurl3 7.16.4-2ubuntu1.1 libcurl3-gnutls 7.16.4-2ubuntu1.1 Ubuntu 8.04 LTS: libcurl3 7.18.0-1ubuntu2.1 libcurl3-gnutls 7.18.0-1ubuntu2.1 Ubuntu 8.10: libcurl3 7.18.2-1ubuntu4.1 libcurl3-gnutls 7.18.2-1ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that curl did not enforce any restrictions when following URL redirects. If a user or automated system were tricked into opening a URL to an untrusted server, an attacker could use redirects to gain access to abitrary files. This update changes curl behavior to prevent following "file" URLs after a redirect. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 187821 98a6bc2adb5c5673bdf39e10459be0e8 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 946 54356fc9d1f2f629db92aec10f15ad52 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 1769992 63be206109486d4653c73823aa2b34fa Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 31260 e1a1c7938bbc15a8f1183fe1d6d0af0a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 169568 1315f552c57d7db1315f81b41589792c http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 540736 bb54db6af7f71e8098b99f57c55a8c03 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 717326 74244221991d13b3e27d7600b25cc667 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 167960 0d960ee5cb9c386af7730dd6985e519e http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 724246 a35139c3af268cb40a64b2d4562c239e http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 172910 33529da99980d7c599c1ddbf49a7a298 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 168448 3ff82ec8fbffb489c198ef86ad45155b http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 506770 10c355570dcb3812efa661f3359792fa http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 700624 d9ed3ac37839ed446dd2d19f4c0ccac1 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 160502 7325d0cd0802f12340de1e5ff8fc94ad http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 705276 442b603f3bef1bb6b76cb475108d0869 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 165456 52191a45a9ccfb55dfa95a5d6059c4c4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 172084 3b8d50cd83bce1fbf4db132ac6b5fcf2 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 542256 f038486866f70fd91641a338684c9fd7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 723702 ab81371909385b48de743ff8c6bdef1e http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 170316 b131cc76e2315a6969e5d842ee00ac7d http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 729156 ecb7523175cc86845a65a45e584c52f4 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 174808 75929f5b8f8665d595d71b1477428fe8 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 169262 d1227121940771c773000adf86cb2b25 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 510838 cedeacff8c06c39c973cb49e14098a72 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 710240 a69b147b9aa4e84755128b20cf8d6cc0 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 163088 2dc3c7c08147eb59e3b10df00a84380d http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 714840 ef9596a90e8f5d3872dbb533c2e3a785 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 167244 0eb1ef9b9f24c1ce216bfac5ac61a770 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 23038 ec29fe4a6ce15381ee4d18977a01cf54 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 1070 ee6f69c49d16d34809984d41ba9a95d9 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 2127522 b8f272cfe98fd5570447469e2faea844 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 175802 1031a8edbe06cac94c392dedc7453fe5 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1030904 97008fb6866a84bfc1bfc6aadc387c37 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 180212 8879fd596ec6d374ecc3db7c590a4dee http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 186854 216542e4ee0aa37b12dfceb9f782431f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 828040 3bef020322ca21c8673b55bcde5a7555 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 835418 03a845d4637949826e4b606675643351 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 174936 a69d59cba07ca9611470fa45c441d41f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 998270 4adafc7307dec5a9194e53d27046862a http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 176140 63ce96a012b6b57e14ada06f633293f8 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 182128 cc373dd8b1383abc9647b2755dcc82c2 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 802764 b4f2f06c793123ffc85ecd754d27a799 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 808706 4cdc8ddd315dbd125b6dd6fd9254f584 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/curl/curl_7.16.4-2ubu... Size/MD5: 174826 826bd0dc3bab6c9df46b737c99a4cc12 http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1016026 54999bbac5f7b80c03a450d0fa782e2c http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 174294 4b881eab13f96f101f233b8d8066a1eb http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.16.4-... Size/MD5: 180832 7e9738237d5a15b0117463d9c9067925 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 800482 8f79859acd3d9c5656c8776bd595aa17 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 806612 d310180304c4688ad36b734a929514aa powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 179486 e0fb5643133b30cc3e258820cf17d67d http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1045612 845b188923e649bc8a165b8356e7f406 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 187794 cd8cd13657a67c0367bae7c821075cbb http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 193612 d4178d220ba2d1e12005387e9226a27b http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 826054 ce04418fbb88124acc4705e9372ecd30 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 831906 3a8efee4daf4b2ca73165bd2ec1e2883 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 175644 6b184238aa16330227fa2ef555b6e558 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 990958 66b0b3669cba60f631ed6a0a24617188 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 174762 e8750cc8896cfcffce4815777ac3caee http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 179512 c0e79f63b732fbbc405652f107878b84 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 808072 684fb0a815911676557b5debd393a1fe http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 814506 1aa48c17a5be7a7373b045abfc18da3d Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 23694 d86f917e0253ba822db6d2424798463c http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 1101 1a3e33be24181c7ffc8f7b60816e249d http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 2285430 76ff5a7fa2e00b25ded5302885d4c3e2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 197866 101c380ab9d9ab90cd8eb29feb9b1afc http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1054384 bc98cdd6d1571106757d2411ad6ffd3c http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 202642 f663841bc8e03556b2d41ef1d7260930 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 209456 e8acd7503ad26b01aae5375b90178a48 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 896296 fd68ba64689210d59e867787ba4abb20 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 904552 7644776a5d3a3b1922a3507a37ec05dc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 197074 00eb30ecbc6793f1d10bed5c8bbf5bf5 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1039734 541d32169bfe1529dd2d4745a1226eb1 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 198480 b4ca187d0408dc35836646c5f966bf90 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 205782 c61cf64efc7baa7cb37a03bed19cfa6a http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 870314 7e275b66161a6cf9c32fbdc4750805eb http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 877390 b8889ec5febb2da66b0dae49295e6844 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.0-1ubu... Size/MD5: 196994 f85f088f37ed84c756fd75a5ba9c1829 http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1046972 f93a0314315ca010c1e000d6094b529e http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 197474 bedb0ae75d50745d9070d598a7f3bbed http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.0-... Size/MD5: 204090 7db96e2a1af5229b5c05fe332c30f756 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 869990 16be192ab09c1ca78a48d50b599b6868 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 876092 896c0bbc2eee392cbac4a18b5996931b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.0-1ubu... Size/MD5: 201932 c3f6e455e85ddc6e69daf3431ea58e74 http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1063946 a5d52c748048bf586cedb02daf29fb7a http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 210994 5602b8c0c9979c0eba7eff319d5bc77e http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.0-... Size/MD5: 216006 8d65ea79097e0e635f75382d7aaecf6b http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 895512 ef52c8d4b5a097751646d1174bca4c35 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 902650 dd88be6fee4e0382db0af0cc490877b0 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.0-1ubu... Size/MD5: 197586 db78b2c9b6402e0f9ed9cb9bf7cd4872 http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1027024 0ead1406330f62ff04c0177d185a53a9 http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 196652 3e829cf092deb68935946eccb4471663 http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.0-... Size/MD5: 202218 ba4d43feba5bc66630d46766f1ae5dd3 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 877208 20b30bf93d62e6c2c165ee6be374435f http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 883238 66b2bc1ab0da39b981e35aaf694e6b67 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 22211 6e74e8584ae7aebb6c14d3a114796454 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 1491 9b355d2d245a85cbca121726652e7f8d http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 2273077 4fe99398a64a34613c9db7bd61bf6e3c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 210246 d67a5eb49a6f5e427bd1654007f455a7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1124684 57f1830f3a2e4ffdec0180717f3191a0 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 216106 e36ff6ee975146c248c293ce0f8cfc6b http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 223206 56e2f570c4c989bca172cfc09a370d39 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 926082 5cc5411540ce23be3354b1f4d5fc041f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 933036 adcb522fbbb4f3ab68b4fa8af804d5b7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7... Size/MD5: 209080 80b442fba7924160f234f6d2fc5be8ea http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 1091876 d294a4ad45febe82279359741d6958c4 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 212550 7c5a86d097564f4563cd4992c65544a9 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 219490 83026954c17912ed54036e2f81118310 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 899576 bb001dda2e0e9def2d08f99497adfbcd http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcur... Size/MD5: 905326 74ff52579922240c1a034c0f223b1a1a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubu... Size/MD5: 208732 cdc604e918825dd8ca06fb07b69d90ba http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1099032 5e1a71fa663f6f21944bf7078c57aebe http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 210790 2486bf054d91bf5e5cd32fae20d2002a http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-... Size/MD5: 217316 32814e9da3f6ea13b6b2a77e872f92fc http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 898464 3028bc84dcbc05a2a65d50f49f0ed2f0 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 903772 00495fb44aba7d390ddb7643de104fca powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubu... Size/MD5: 212494 c0ad35c9fbaa7afeb9247b948bf3720e http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1130288 8a65d0227f3697b505e4634cff6831fd http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 223618 b5d5085350540d988abc19c5dcb04ea6 http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-... Size/MD5: 229464 8053abc5beb65a37ea489eeec41ab2c2 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 925362 8277d9fb3b898cf90e4fa46ffcf71147 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 931700 13f3edf118024e221d7f45abd05c0e7e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/curl/curl_7.18.2-1ubu... Size/MD5: 209542 6478e46bb2850c50f7b4def0d86b730b http://ports.ubuntu.com/pool/main/c/curl/libcurl3-dbg_7.1... Size/MD5: 1072458 5eaf45a5c000a1f8b0d09bbab983b8ae http://ports.ubuntu.com/pool/main/c/curl/libcurl3-gnutls_... Size/MD5: 209228 83c8fcd128286fd77d9983fff53d9563 http://ports.ubuntu.com/pool/main/c/curl/libcurl3_7.18.2-... Size/MD5: 213982 bf031afa898326f814e2dea63fdc0523 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-gnutls-... Size/MD5: 904780 f3ac8d6aab6a12a4b8462152e38463a9 http://ports.ubuntu.com/pool/main/c/curl/libcurl4-openssl... Size/MD5: 909856 c991e46b6bb3a47c79e7615f398de261 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
||||||||||||||||||||||