Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : curl vulnerabilities (USN-3882-1)
High Nessus Plugin ID 121639
Synopsis
The remote Ubuntu host is missing one or more security-related
patches.
Description
Wenxiang Qian discovered that curl incorrectly handled certain NTLM
authentication messages. A remote attacker could possibly use this
issue to cause curl to crash, resulting in a denial of service. This
issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2
authentication messages. A remote attacker could use this issue to
cause curl to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP
responses. A remote attacker could possibly use this issue to cause
curl to crash, resulting in a denial of service. (CVE-2019-3823).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Solution
Update the affected packages.