USN-5397-1

Source

https://ubuntu.com/security/notices/USN-5397-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-5397-1.json

Related

Published

2022-04-28T18:23:23.302369Z

Modified

2022-04-28T18:23:23.302369Z

Details

Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. (CVE-2022-22576)

Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776)

References

Affected packages

Ubuntu:22.04:LTS / curl

Package

Name: curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

7.81.0-1ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "curl": "7.81.0-1ubuntu1.1",
            "libcurl4": "7.81.0-1ubuntu1.1",
            "libcurl4-gnutls-dev": "7.81.0-1ubuntu1.1",
            "libcurl3-gnutls": "7.81.0-1ubuntu1.1",
            "libcurl4-doc": "7.81.0-1ubuntu1.1",
            "libcurl3-nss": "7.81.0-1ubuntu1.1",
            "libcurl4-nss-dev": "7.81.0-1ubuntu1.1",
            "libcurl4-openssl-dev": "7.81.0-1ubuntu1.1"
        }
    ]
}

Ubuntu:20.04:LTS / curl

Package

Name: curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

7.68.0-1ubuntu2.10

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "curl": "7.68.0-1ubuntu2.10",
            "libcurl4": "7.68.0-1ubuntu2.10",
            "libcurl4-gnutls-dev": "7.68.0-1ubuntu2.10",
            "libcurl3-gnutls": "7.68.0-1ubuntu2.10",
            "libcurl4-doc": "7.68.0-1ubuntu2.10",
            "libcurl3-nss": "7.68.0-1ubuntu2.10",
            "libcurl4-nss-dev": "7.68.0-1ubuntu2.10",
            "libcurl4-openssl-dev": "7.68.0-1ubuntu2.10"
        }
    ]
}

Ubuntu:18.04:LTS / curl

Package

Name: curl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

7.58.0-2ubuntu3.17

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "curl": "7.58.0-2ubuntu3.17",
            "libcurl4": "7.58.0-2ubuntu3.17",
            "libcurl4-gnutls-dev": "7.58.0-2ubuntu3.17",
            "libcurl3-gnutls": "7.58.0-2ubuntu3.17",
            "libcurl4-doc": "7.58.0-2ubuntu3.17",
            "libcurl3-nss": "7.58.0-2ubuntu3.17",
            "libcurl4-nss-dev": "7.58.0-2ubuntu3.17",
            "libcurl4-openssl-dev": "7.58.0-2ubuntu3.17"
        }
    ]
}