USN-726-2: curl regression
Ubuntu Security Notice USN-726-2
4th March, 2009
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
USN-726-1 fixed a vulnerability in curl. Due to an incomplete fix, a regression
was introduced in Ubuntu 8.10 that caused certain types of URLs to fail. This
update fixes the problem. We apologize for the inconvenience.
Original advisory details:
It was discovered that curl did not enforce any restrictions when following
URL redirects. If a user or automated system were tricked into opening a URL to
an untrusted server, an attacker could use redirects to gain access to abitrary
files. This update changes curl behavior to prevent following "file" URLs after
The problem can be corrected by updating your system to the following package version:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the