USN-5499-1: curl vulnerabilities

🗓️ 01 Jul 2022 02:04:04Reported by UbuntuType

ubuntu🔗 ubuntu.com👁 104 Views

Florian Kohnhuser and Harry Sintonen discovered vulnerabilities in curl, affecting Ubuntu 16.04, 14.04 ES

Reporter	Title	Published	Views	Family All 301
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)	7 Oct 202218:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl (CVE-2022-32208)	31 Mar 202316:58	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	4 Apr 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, Golang Go, and cURL libcurl may affect IBM Spectrum Protect Plus	13 Dec 202219:27	–	ibm
IBM Security Bulletins	Security Bulletin: Execution Engine for Apache Hadoop is vulnerable to heap-based buffer overflow and remote attacker to bypass security restrictions	20 Feb 202503:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)	6 Oct 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.	15 Dec 202209:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module use libcurl with multiple known vulnerabilities	6 Oct 202204:10	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	any	curl	7.35.0-1ubuntu2.20+esm11	curl_7.35.0-1ubuntu2.20+esm11_any.deb
Ubuntu	16.04	any	curl	7.47.0-1ubuntu2.19+esm4	curl_7.47.0-1ubuntu2.19+esm4_any.deb
Ubuntu	14.04	any	libcurl3	7.35.0-1ubuntu2.20+esm11	libcurl3_7.35.0-1ubuntu2.20+esm11_any.deb
Ubuntu	16.04	any	libcurl3	7.47.0-1ubuntu2.19+esm4	libcurl3_7.47.0-1ubuntu2.19+esm4_any.deb
Ubuntu	14.04	any	libcurl3-gnutls	7.35.0-1ubuntu2.20+esm11	libcurl3-gnutls_7.35.0-1ubuntu2.20+esm11_any.deb
Ubuntu	16.04	any	libcurl3-gnutls	7.47.0-1ubuntu2.19+esm4	libcurl3-gnutls_7.47.0-1ubuntu2.19+esm4_any.deb
Ubuntu	14.04	any	libcurl3-nss	7.35.0-1ubuntu2.20+esm11	libcurl3-nss_7.35.0-1ubuntu2.20+esm11_any.deb
Ubuntu	16.04	any	libcurl3-nss	7.47.0-1ubuntu2.19+esm4	libcurl3-nss_7.47.0-1ubuntu2.19+esm4_any.deb
Ubuntu	14.04	any	libcurl4-doc	7.35.0-1ubuntu2.20+esm11	libcurl4-doc_7.35.0-1ubuntu2.20+esm11_any.deb
Ubuntu	16.04	any	libcurl4-doc	7.47.0-1ubuntu2.19+esm4	libcurl4-doc_7.47.0-1ubuntu2.19+esm4_any.deb

01 Jul 2022 02:04Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25

CVSS 3.17.5

EPSS0.05595

SSVC