USN-4402-1

Source
https://ubuntu.com/security/notices/USN-4402-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4402-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4402-1
Published
2020-06-24T11:51:31.205451Z
Modified
2020-06-24T11:51:31.205451Z
Summary
curl vulnerabilities
Details

Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)

It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177)

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm4?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.35.0-1ubuntu2.20+esm4

Affected versions

7.*

7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "curl-udeb": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-gnutls-dev": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-nss": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-doc": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-gnutls-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-openssl-dev": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-openssl-dev-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "curl-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "curl": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-udeb": "7.35.0-1ubuntu2.20+esm4",
            "curl-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-nss-dev-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-gnutls": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-gnutls-dev-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-nss-dbgsym": "7.35.0-1ubuntu2.20+esm4",
            "libcurl3-dbg": "7.35.0-1ubuntu2.20+esm4",
            "libcurl4-nss-dev": "7.35.0-1ubuntu2.20+esm4"
        }
    ]
}

Ubuntu:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.15?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.47.0-1ubuntu2.15

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libcurl3": "7.47.0-1ubuntu2.15",
            "libcurl4-gnutls-dev": "7.47.0-1ubuntu2.15",
            "libcurl3-dbgsym": "7.47.0-1ubuntu2.15",
            "libcurl3-nss": "7.47.0-1ubuntu2.15",
            "libcurl4-doc": "7.47.0-1ubuntu2.15",
            "libcurl3-gnutls-dbgsym": "7.47.0-1ubuntu2.15",
            "libcurl4-openssl-dev": "7.47.0-1ubuntu2.15",
            "libcurl4-openssl-dev-dbgsym": "7.47.0-1ubuntu2.15",
            "curl-dbgsym": "7.47.0-1ubuntu2.15",
            "curl": "7.47.0-1ubuntu2.15",
            "libcurl4-nss-dev-dbgsym": "7.47.0-1ubuntu2.15",
            "libcurl3-gnutls": "7.47.0-1ubuntu2.15",
            "libcurl4-gnutls-dev-dbgsym": "7.47.0-1ubuntu2.15",
            "libcurl3-nss-dbgsym": "7.47.0-1ubuntu2.15",
            "libcurl3-dbg": "7.47.0-1ubuntu2.15",
            "libcurl4-nss-dev": "7.47.0-1ubuntu2.15"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.9?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.58.0-2ubuntu3.9

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "curl-dbgsym": "7.58.0-2ubuntu3.9",
            "curl": "7.58.0-2ubuntu3.9",
            "libcurl4": "7.58.0-2ubuntu3.9",
            "libcurl4-gnutls-dev": "7.58.0-2ubuntu3.9",
            "libcurl4-dbgsym": "7.58.0-2ubuntu3.9",
            "libcurl3-nss": "7.58.0-2ubuntu3.9",
            "libcurl4-doc": "7.58.0-2ubuntu3.9",
            "libcurl3-nss-dbgsym": "7.58.0-2ubuntu3.9",
            "libcurl3-gnutls": "7.58.0-2ubuntu3.9",
            "libcurl3-gnutls-dbgsym": "7.58.0-2ubuntu3.9",
            "libcurl4-openssl-dev": "7.58.0-2ubuntu3.9",
            "libcurl4-nss-dev": "7.58.0-2ubuntu3.9"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl@7.68.0-1ubuntu2.1?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.68.0-1ubuntu2.1

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "curl-dbgsym": "7.68.0-1ubuntu2.1",
            "curl": "7.68.0-1ubuntu2.1",
            "libcurl4": "7.68.0-1ubuntu2.1",
            "libcurl4-gnutls-dev": "7.68.0-1ubuntu2.1",
            "libcurl4-dbgsym": "7.68.0-1ubuntu2.1",
            "libcurl3-nss": "7.68.0-1ubuntu2.1",
            "libcurl4-doc": "7.68.0-1ubuntu2.1",
            "libcurl3-nss-dbgsym": "7.68.0-1ubuntu2.1",
            "libcurl3-gnutls": "7.68.0-1ubuntu2.1",
            "libcurl3-gnutls-dbgsym": "7.68.0-1ubuntu2.1",
            "libcurl4-openssl-dev": "7.68.0-1ubuntu2.1",
            "libcurl4-nss-dev": "7.68.0-1ubuntu2.1"
        }
    ]
}