USN-3805-2: curl vulnerability
01 November 2018
Several security issues were fixed in curl.
- curl - HTTP, HTTPS, and FTP client and client libraries
USN-3805-1 fixed a vulnerability in curl. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Brian Carpenter discovered that the curl command-line tool incorrectly
handled error messages. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2018-16842)
The problem can be corrected by updating your system to the following package versions:
- curl - 7.22.0-3ubuntu4.24
- libcurl3 - 7.22.0-3ubuntu4.24
- libcurl3-gnutls - 7.22.0-3ubuntu4.24
- libcurl3-nss - 7.22.0-3ubuntu4.24
In general, a standard system update will make all the necessary changes.