USN-6944-2
- Source
- https://ubuntu.com/security/notices/USN-6944-2
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6944-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6944-2
- Related
- Published
- 2024-08-20T18:15:39.870484Z
- Modified
- 2024-08-20T18:15:39.870484Z
- Summary
- curl vulnerability
- Details
-
USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
Original advisory details:
Dov Murik discovered that curl incorrectly handled parsing ASN.1 Generalized Time fields. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive memory contents.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm18?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.35.0-1ubuntu2.20+esm18
Affected versions
7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "curl-udeb",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "curl-udeb-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-dbg",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-udeb",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl3-udeb-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-gnutls-dev-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-nss-dev-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
},
{
"binary_name": "libcurl4-openssl-dev-dbgsym",
"binary_version": "7.35.0-1ubuntu2.20+esm18"
}
]
}
Ubuntu:Pro:16.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm13?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.47.0-1ubuntu2.19+esm13
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-dbg",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-gnutls-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-nss-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
},
{
"binary_name": "libcurl4-openssl-dev-dbgsym",
"binary_version": "7.47.0-1ubuntu2.19+esm13"
}
]
}
Ubuntu:Pro:18.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl@7.58.0-2ubuntu3.24+esm5?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.58.0-2ubuntu3.24+esm5
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "curl",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "curl-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl3-gnutls",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl3-gnutls-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl3-nss",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl3-nss-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4-dbgsym",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4-doc",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4-gnutls-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4-nss-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
},
{
"binary_name": "libcurl4-openssl-dev",
"binary_version": "7.58.0-2ubuntu3.24+esm5"
}
]
}