Wednesday, April 7, 2021

Ubuntu: USN-4898-1 (CVE-2021-22876): curl vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From USN-4898-1:Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)
Solution(s)
  • ubuntu-upgrade-curl
  • ubuntu-upgrade-libcurl3
  • ubuntu-upgrade-libcurl3-gnutls
  • ubuntu-upgrade-libcurl3-nss
  • ubuntu-upgrade-libcurl4


  • References
  • USN-4898-1
  • CVE-2021-22876




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated