USN-4402-1

Source
https://ubuntu.com/security/notices/USN-4402-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4402-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4402-1
Related
Published
2020-06-24T11:51:31.205451Z
Modified
2020-06-24T11:51:31.205451Z
Summary
curl vulnerabilities
Details

Marek Szlagor, Gregory Jefferis and Jeroen Ooms discovered that curl incorrectly handled certain credentials. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)

It was discovered that curl incorrectly handled certain parameters. An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177)

References

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.35.0-1ubuntu2.20+esm4

Affected versions

7.*

7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "curl-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "curl-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl3-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm4",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.15

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.15",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.58.0-2ubuntu3.9

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.9",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.1

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.1",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}