Wednesday, September 22, 2021

Ubuntu: USN-5079-2 (CVE-2021-22947): curl vulnerabilities

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-5079-2:

USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946)

Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947)

Solution(s)
  • ubuntu-upgrade-
  • ubuntu-upgrade-7-35-0-1ubuntu2-20-esm8
  • ubuntu-upgrade-7-47-0-1ubuntu2-19-esm1
  • ubuntu-upgrade-available
  • ubuntu-upgrade-curl
  • ubuntu-upgrade-desktop
  • ubuntu-upgrade-infra
  • ubuntu-upgrade-libcurl3-gnutls
  • ubuntu-upgrade-or
  • ubuntu-upgrade-ua
  • ubuntu-upgrade-with


References
  • USN-5079-1
  • USN-5079-2
  • CVE-2021-22947



