Ubuntu Security Notification for Curl Vulnerabilities (USN-3123-1)

It was discovered that curl incorrectly reused client certificates when built with NSS.

It was discovered that curl incorrectly handled escaping certain strings.

It was discovered that curl incorrectly handled storing cookies.

It was discovered that curl incorrect handled case when comparing user names and passwords.

It was discovered that curl incorrect handled memory when encoding to base64.

It was discovered that curl incorrect handled memory when preparing formatted output.

It was discovered that curl incorrect handled memory when performing Kerberos authentication.

It was discovered that curl incorrectly handled parsing globs.

It was discovered that curl incorrectly handled converting dates.

It was discovered that curl incorrectly handled URL percent-encoding decoding.

It was discovered that curl incorrectly handled shared cookies.

It was discovered that curl incorrect parsed certain URLs.

A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167)

A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615)

A remote attacker with knowledge of a case-insensitive version of the correct password could possibly use this issue to cause a connection to be reused. (CVE-2016-8616)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8617)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8618)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8619)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8620)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2016-8621)

A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-8622)

A remote server could possibly obtain incorrect cookies or other sensitive information. (CVE-2016-8623)

A remote attacker could possibly use this issue to trick curl into connecting to a different host. (CVE-2016-8624)

Refer to Ubuntu advisory USN-3123-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3123-1: 16.10 (Yakkety) on src (libcurl3-nss)

USN-3123-1: 16.04 (Xenial) on src (libcurl3-nss)

USN-3123-1: 16.04 (Xenial) on src (libcurl3-gnutls)

USN-3123-1: 12.04 (Precise) on src (libcurl3-gnutls)

USN-3123-1: 12.04 (Precise) on src (libcurl3-nss)

USN-3123-1: 14.04 (Kylin) on src (libcurl3)

USN-3123-1: 16.10 (Yakkety) on src (libcurl3-gnutls)

USN-3123-1: 16.10 (Yakkety) on src (libcurl3)

USN-3123-1: 14.04 (Kylin) on src (libcurl3-nss)

USN-3123-1: 14.04 (Kylin) on src (libcurl3-gnutls)

USN-3123-1: 16.04 (Xenial) on src (libcurl3)

USN-3123-1: 12.04 (Precise) on src (libcurl3)