USN-7104-1
- Source
- https://ubuntu.com/security/notices/USN-7104-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7104-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-7104-1
- Related
- Published
- 2024-11-18T15:10:29.395335Z
- Modified
- 2024-11-18T15:10:29.395335Z
- Summary
- curl vulnerability
- Details
-
It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.
- References
Affected packages
Ubuntu:22.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.19
Affected versions
7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
7.81.0-1ubuntu1.18
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl4"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl4-nss-dev"
},
{
"binary_version": "7.81.0-1ubuntu1.19",
"binary_name": "libcurl4-openssl-dev"
}
]
}
Ubuntu:24.10 / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.9.1-2ubuntu2.1
Affected versions
8.*
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.8.0-1ubuntu1
8.8.0-3ubuntu3
8.9.1-2ubuntu1
8.9.1-2ubuntu2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "curl"
},
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.9.1-2ubuntu2.1",
"binary_name": "libcurl4t64"
}
]
}
Ubuntu:24.04:LTS / curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.5
Affected versions
8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.5.0-2ubuntu10.2
8.5.0-2ubuntu10.3
8.5.0-2ubuntu10.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "libcurl4-doc"
},
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "libcurl4-gnutls-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "libcurl4-openssl-dev"
},
{
"binary_version": "8.5.0-2ubuntu10.5",
"binary_name": "libcurl4t64"
}
]
}