First published: Wed Feb 06 2019(Updated: )
Wenxiang Qian discovered that curl incorrectly handled certain NTLM authentication messages. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822) Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/curl | <7.61.0-1ubuntu2.3 | 7.61.0-1ubuntu2.3 |
=18.10 | ||
All of | ||
ubuntu/libcurl3-gnutls | <7.61.0-1ubuntu2.3 | 7.61.0-1ubuntu2.3 |
=18.10 | ||
All of | ||
ubuntu/libcurl3-nss | <7.61.0-1ubuntu2.3 | 7.61.0-1ubuntu2.3 |
=18.10 | ||
All of | ||
ubuntu/libcurl4 | <7.61.0-1ubuntu2.3 | 7.61.0-1ubuntu2.3 |
=18.10 | ||
All of | ||
ubuntu/curl | <7.58.0-2ubuntu3.6 | 7.58.0-2ubuntu3.6 |
=18.04 | ||
All of | ||
ubuntu/libcurl3-gnutls | <7.58.0-2ubuntu3.6 | 7.58.0-2ubuntu3.6 |
=18.04 | ||
All of | ||
ubuntu/libcurl3-nss | <7.58.0-2ubuntu3.6 | 7.58.0-2ubuntu3.6 |
=18.04 | ||
All of | ||
ubuntu/libcurl4 | <7.58.0-2ubuntu3.6 | 7.58.0-2ubuntu3.6 |
=18.04 | ||
All of | ||
ubuntu/curl | <7.47.0-1ubuntu2.12 | 7.47.0-1ubuntu2.12 |
=16.04 | ||
All of | ||
ubuntu/libcurl3 | <7.47.0-1ubuntu2.12 | 7.47.0-1ubuntu2.12 |
=16.04 | ||
All of | ||
ubuntu/libcurl3-gnutls | <7.47.0-1ubuntu2.12 | 7.47.0-1ubuntu2.12 |
=16.04 | ||
All of | ||
ubuntu/libcurl3-nss | <7.47.0-1ubuntu2.12 | 7.47.0-1ubuntu2.12 |
=16.04 | ||
All of | ||
ubuntu/curl | <7.35.0-1ubuntu2.20 | 7.35.0-1ubuntu2.20 |
=14.04 | ||
All of | ||
ubuntu/libcurl3 | <7.35.0-1ubuntu2.20 | 7.35.0-1ubuntu2.20 |
=14.04 | ||
All of | ||
ubuntu/libcurl3-gnutls | <7.35.0-1ubuntu2.20 | 7.35.0-1ubuntu2.20 |
=14.04 | ||
All of | ||
ubuntu/libcurl3-nss | <7.35.0-1ubuntu2.20 | 7.35.0-1ubuntu2.20 |
=14.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of CVE-2018-16890 is moderate.
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 are affected.
A remote attacker could possibly cause curl to crash, resulting in a denial of service.
To fix the curl vulnerability in Ubuntu 18.10, update the curl package to version 7.61.0-1ubuntu2.3 or later.
You can find more information about CVE-2018-16890 on the Ubuntu Security website.