What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-3648-1.

What software is affected by this vulnerability?

The software affected by this vulnerability is curl, libcurl3-gnutls, libcurl3-nss, and libcurl4.

What version of Ubuntu is affected?

Ubuntu 18.04, Ubuntu 17.10, Ubuntu 16.04, and Ubuntu 14.04 are affected.

What is the severity of this vulnerability?

The severity of this vulnerability is not mentioned in the advisory.

How do I fix this vulnerability?

To fix this vulnerability, update the software to the specified versions mentioned in the advisory.

Vulnerability/
USN-3648-1

16/5/2018

USN-3648-1: curl vulnerabilities

First published: Wed May 16 2018(Updated: )

Dario Weisser discovered that curl incorrectly handled long FTP server command replies. If a user or automated system were tricked into connecting to a malicious FTP server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-1000300) Max Dymond discovered that curl incorrectly handled certain RTSP responses. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2018-1000301)

Affected Software	Affected Version	How to fix
All of
ubuntu/curl	<7.58.0-2ubuntu3.1	7.58.0-2ubuntu3.1
	=18.04
All of
ubuntu/libcurl3-gnutls	<7.58.0-2ubuntu3.1	7.58.0-2ubuntu3.1
	=18.04
All of
ubuntu/libcurl3-nss	<7.58.0-2ubuntu3.1	7.58.0-2ubuntu3.1
	=18.04
All of
ubuntu/libcurl4	<7.58.0-2ubuntu3.1	7.58.0-2ubuntu3.1
	=18.04
All of
ubuntu/curl	<7.55.1-1ubuntu2.5	7.55.1-1ubuntu2.5
	=17.10
All of
ubuntu/libcurl3	<7.55.1-1ubuntu2.5	7.55.1-1ubuntu2.5
	=17.10
All of
ubuntu/libcurl3-gnutls	<7.55.1-1ubuntu2.5	7.55.1-1ubuntu2.5
	=17.10
All of
ubuntu/libcurl3-nss	<7.55.1-1ubuntu2.5	7.55.1-1ubuntu2.5
	=17.10
All of
ubuntu/curl	<7.47.0-1ubuntu2.8	7.47.0-1ubuntu2.8
	=16.04
All of
ubuntu/libcurl3	<7.47.0-1ubuntu2.8	7.47.0-1ubuntu2.8
	=16.04
All of
ubuntu/libcurl3-gnutls	<7.47.0-1ubuntu2.8	7.47.0-1ubuntu2.8
	=16.04
All of
ubuntu/libcurl3-nss	<7.47.0-1ubuntu2.8	7.47.0-1ubuntu2.8
	=16.04
All of
ubuntu/curl	<7.35.0-1ubuntu2.16	7.35.0-1ubuntu2.16
	=14.04
All of
ubuntu/libcurl3	<7.35.0-1ubuntu2.16	7.35.0-1ubuntu2.16
	=14.04
All of
ubuntu/libcurl3-gnutls	<7.35.0-1ubuntu2.16	7.35.0-1ubuntu2.16
	=14.04
All of
ubuntu/libcurl3-nss	<7.35.0-1ubuntu2.16	7.35.0-1ubuntu2.16
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-3648-1.
What software is affected by this vulnerability?
The software affected by this vulnerability is curl, libcurl3-gnutls, libcurl3-nss, and libcurl4.
What version of Ubuntu is affected?
Ubuntu 18.04, Ubuntu 17.10, Ubuntu 16.04, and Ubuntu 14.04 are affected.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned in the advisory.
How do I fix this vulnerability?
To fix this vulnerability, update the software to the specified versions mentioned in the advisory.

agent/severity
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/title
agent/description
agent/event
agent/tags
collector/usn
source/Ubuntu
anchor-related/USN-3598-2
agent/software-canonical-lookup
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/17.10
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04