USN-6944-2

Source
https://ubuntu.com/security/notices/USN-6944-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6944-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6944-2
Related
Published
2024-08-20T18:15:39.870484Z
Modified
2024-08-20T18:15:39.870484Z
Summary
curl vulnerability
Details

USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.

References

Affected packages

Ubuntu:Pro:14.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.35.0-1ubuntu2.20+esm18

Affected versions

7.*

7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "curl-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "curl-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-udeb"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl3-udeb-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm18",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.19+esm13

Affected versions

7.*

7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-dbg"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-gnutls-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-nss-dev-dbgsym"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-openssl-dev"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm13",
            "binary_name": "libcurl4-openssl-dev-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.58.0-2ubuntu3.24+esm5

Affected versions

7.*

7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "curl-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl3-gnutls-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl3-nss-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4-dbgsym"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4-doc"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4-gnutls-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4-nss-dev"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm5",
            "binary_name": "libcurl4-openssl-dev"
        }
    ]
}