USN-5702-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-5702-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5702-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5702-2

Related

CVE-2022-32221
UBUNTU-CVE-2022-32221

Published

2022-10-26T19:33:46.157008Z

Modified

2022-10-26T19:33:46.157008Z

Summary

curl vulnerability

Details

USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221)

References

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name: curl
Purl: pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm13?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.35.0-1ubuntu2.20+esm13

Affected versions

7.*

7.32.0-1ubuntu1

7.33.0-1ubuntu1

7.34.0-1ubuntu1

7.35.0-1ubuntu1

7.35.0-1ubuntu2

7.35.0-1ubuntu2.1

7.35.0-1ubuntu2.2

7.35.0-1ubuntu2.3

7.35.0-1ubuntu2.5

7.35.0-1ubuntu2.6

7.35.0-1ubuntu2.7

7.35.0-1ubuntu2.8

7.35.0-1ubuntu2.9

7.35.0-1ubuntu2.10

7.35.0-1ubuntu2.11

7.35.0-1ubuntu2.12

7.35.0-1ubuntu2.13

7.35.0-1ubuntu2.14

7.35.0-1ubuntu2.15

7.35.0-1ubuntu2.16

7.35.0-1ubuntu2.17

7.35.0-1ubuntu2.19

7.35.0-1ubuntu2.20

7.35.0-1ubuntu2.20+esm3

7.35.0-1ubuntu2.20+esm4

7.35.0-1ubuntu2.20+esm5

7.35.0-1ubuntu2.20+esm6

7.35.0-1ubuntu2.20+esm7

7.35.0-1ubuntu2.20+esm8

7.35.0-1ubuntu2.20+esm9

7.35.0-1ubuntu2.20+esm10

7.35.0-1ubuntu2.20+esm11

7.35.0-1ubuntu2.20+esm12

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "curl-udeb": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-gnutls-dev": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-nss": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-doc": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-gnutls-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-openssl-dev": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-openssl-dev-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "curl-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "curl": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-udeb": "7.35.0-1ubuntu2.20+esm13",
            "curl-udeb-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-nss-dev-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-gnutls": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-gnutls-dev-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-nss-dbgsym": "7.35.0-1ubuntu2.20+esm13",
            "libcurl3-dbg": "7.35.0-1ubuntu2.20+esm13",
            "libcurl4-nss-dev": "7.35.0-1ubuntu2.20+esm13"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / curl

Package

Name: curl
Purl: pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm6?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.47.0-1ubuntu2.19+esm6

Affected versions

7.*

7.43.0-1ubuntu2

7.45.0-1ubuntu1

7.46.0-1ubuntu1

7.47.0-1ubuntu1

7.47.0-1ubuntu2

7.47.0-1ubuntu2.1

7.47.0-1ubuntu2.2

7.47.0-1ubuntu2.3

7.47.0-1ubuntu2.4

7.47.0-1ubuntu2.5

7.47.0-1ubuntu2.6

7.47.0-1ubuntu2.7

7.47.0-1ubuntu2.8

7.47.0-1ubuntu2.9

7.47.0-1ubuntu2.11

7.47.0-1ubuntu2.12

7.47.0-1ubuntu2.13

7.47.0-1ubuntu2.14

7.47.0-1ubuntu2.15

7.47.0-1ubuntu2.16

7.47.0-1ubuntu2.18

7.47.0-1ubuntu2.19

7.47.0-1ubuntu2.19+esm1

7.47.0-1ubuntu2.19+esm2

7.47.0-1ubuntu2.19+esm3

7.47.0-1ubuntu2.19+esm4

7.47.0-1ubuntu2.19+esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "libcurl3": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-gnutls-dev": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-nss": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-doc": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-gnutls-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-openssl-dev": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-openssl-dev-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "curl-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "curl": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-nss-dev-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-gnutls": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-gnutls-dev-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-nss-dbgsym": "7.47.0-1ubuntu2.19+esm6",
            "libcurl3-dbg": "7.47.0-1ubuntu2.19+esm6",
            "libcurl4-nss-dev": "7.47.0-1ubuntu2.19+esm6"
        }
    ]
}