USN-3262-1: curl vulnerability
20 April 2017
Applications using curl could allow unintended access over the network.
Releases
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
It was discovered that curl incorrectly handled client certificates when
resuming a TLS session. A remote attacker could use this to hijack a
previously authenticated connection.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04
-
libcurl3-nss
-
7.52.1-4ubuntu1.1
-
curl
-
7.52.1-4ubuntu1.1
-
libcurl3-gnutls
-
7.52.1-4ubuntu1.1
-
libcurl3
-
7.52.1-4ubuntu1.1
In general, a standard system update will make all the necessary changes.