USN-4466-1

Source
https://ubuntu.com/security/notices/USN-4466-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4466-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4466-1
Related
Published
2020-08-19T11:33:56.609286Z
Modified
2020-08-19T11:33:56.609286Z
Summary
curl vulnerability
Details

Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPTCONNECTONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.

References

Affected packages

Ubuntu:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.16

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.16",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.58.0-2ubuntu3.10

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.10",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.2

Affected versions

7.*

7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.2",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}