USN-205-1: Curl and wget vulnerabilities
===========================================================
Ubuntu Security Notice USN-205-1 October 14, 2005
curl, wget vulnerabilities
CAN-2005-3185
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libcurl2
libcurl3
wget

The problem can be corrected by upgrading the affected package to the
following versions:

Ubuntu 4.10:
  libcurl2 7.12.0.is.7.11.2-1ubuntu0.2

Ubuntu 5.04:
  libcurl2 1:7.11.2-12ubuntu3.2
  libcurl3 7.12.3-2ubuntu3.2

Ubuntu 5.10:
  libcurl3 7.14.0-2ubuntu1.1
  wget 1.10-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes. However, if you have the Apache web server
installed, you need to restart it with

  sudo /etc/init.d/apache2 restart

to make sure that Apache uses the updated Curl library.

Details follow:

A buffer overflow has been found in the NTLM authentication handler of
the Curl library and wget. By tricking a user or automatic system
that uses the Curl library, the curl application, or wget into
visiting a specially-crafted web site, a remote attacker could exploit
this to execute arbitrary code with the privileges of the calling
user.

The Ubuntu 4.10 and 5.04 versions of wget are not affected by this.
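
An added example, not part of the Ubuntu notice: a pure-Python check of an
installed package version against the fixed versions listed above, following
dpkg's ordering rules (epoch, then upstream version, then revision, with "~"
sorting before everything). The function names and the installed versions in
the demo are this example's own constructed values.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the notice, keyed by Ubuntu release.
FIXED = {
    "4.10": {"libcurl2": "7.12.0.is.7.11.2-1ubuntu0.2"},
    "5.04": {"libcurl2": "1:7.11.2-12ubuntu3.2", "libcurl3": "7.12.3-2ubuntu3.2"},
    "5.10": {"libcurl3": "7.14.0-2ubuntu1.1", "wget": "1.10-2ubuntu0.1"},
}

def _weight(ch):
    """dpkg character weight: '~' < end of run < letters < other symbols."""
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare an upstream or revision string as alternating text/number runs."""
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in runs:
        for ca, cb in zip_longest(text_a, text_b, fillvalue=""):
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
        na, nb = int(num_a or 0), int(num_b or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; a missing epoch counts as 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, package, installed):
    """True/False against the notice's fixed version; None if none is listed."""
    fixed = FIXED.get(release, {}).get(package)
    return None if fixed is None else compare(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed sample: a 5.10 host still on the pre-update libcurl3 revision.
    print(is_patched("5.10", "libcurl3", "7.14.0-2ubuntu1"))
```

The installed version to pass in can be read with
dpkg-query -W -f='${Version}' <package> on the host being checked.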



