Low
Canonical Ubuntu
Axel Chong discovered that when curl accepted and sent back cookies containing control bytes, an HTTP(S) server might return a 400 (Bad Request Error) response. A malicious cookie host could possibly use this to cause denial-of-service.

Update Instructions: Run sudo ua fix USN-5587-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:

- libcurl4-gnutls-dev – 7.47.0-1ubuntu2.19+esm5
- libcurl4-openssl-dev – 7.47.0-1ubuntu2.19+esm5
- libcurl3-gnutls – 7.47.0-1ubuntu2.19+esm5
- libcurl4-doc – 7.47.0-1ubuntu2.19+esm5
- libcurl3-nss – 7.47.0-1ubuntu2.19+esm5
- libcurl4-nss-dev – 7.47.0-1ubuntu2.19+esm5
- libcurl3 – 7.47.0-1ubuntu2.19+esm5
- curl – 7.47.0-1ubuntu2.19+esm5

Available with UA Infra or UA Desktop: https://ubuntu.com/advantage
CVEs contained in this USN include: CVE-2022-35252.
Severity is low unless otherwise noted.
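A defensive check for the condition described above, as an added example (not code from curl, Ubuntu or Cloud Foundry): it audits a curl cookie jar in Netscape format for stored cookies whose name or value contains control bytes. The byte set treated as control bytes (0x01-0x1F except TAB, plus 0x7F), the function names and the sample jar are assumptions of this example.

```python
"""Audit a curl cookie jar (Netscape format) for cookies with control bytes."""

# Assumption of this example: control bytes are 0x01-0x1F except TAB (0x09),
# plus 0x7F (DEL).
CONTROL_BYTES = frozenset((set(range(0x01, 0x20)) - {0x09}) | {0x7F})

# Constructed sample jar (not real data): one clean cookie, two tainted ones.
SAMPLE_JAR = (
    b"# Netscape HTTP Cookie File\n"
    b"example.test\tFALSE\t/\tFALSE\t0\tsession\tabc123\n"
    b"#HttpOnly_cookies.example.test\tTRUE\t/\tTRUE\t0\ttrack\tv\x01\x1bx\n"
    b".example.test\tTRUE\t/\tFALSE\t0\tpad\ta\x7fb\n"
)


def control_bytes_in(data: bytes) -> list[int]:
    """Return the sorted distinct control bytes present in data."""
    return sorted(set(data) & CONTROL_BYTES)


def audit_cookie_jar(jar: bytes) -> list[tuple[str, str, list[str]]]:
    """Return (domain, cookie name, offending bytes as hex) per tainted cookie."""
    findings = []
    # Split on LF only so that other control bytes stay inside their line.
    for line in jar.split(b"\n"):
        line = line.rstrip(b"\r")  # tolerate CRLF line endings
        if line.startswith(b"#HttpOnly_"):
            line = line[len(b"#HttpOnly_"):]  # HttpOnly cookies carry this prefix
        elif not line or line.startswith(b"#"):
            continue  # blank line or comment
        # Seven TAB-separated fields; maxsplit keeps any TAB inside the value.
        fields = line.split(b"\t", 6)
        if len(fields) != 7:
            continue  # not a cookie record
        domain, _sub, _path, _secure, _expiry, name, value = fields
        bad = control_bytes_in(name + value)
        if bad:
            findings.append((domain.decode("latin-1"), name.decode("latin-1"),
                             [f"0x{b:02x}" for b in bad]))
    return findings


if __name__ == "__main__":
    for domain, name, bad in audit_cookie_jar(SAMPLE_JAR):
        print(f"{domain}: cookie {name!r} contains control bytes {bad}")
```

Any cookie it reports would be sent back to the server by an unpatched curl and is worth deleting from the jar once the fixed packages are installed.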
Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:
2022-09-29: Initial vulnerability report published.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | bionic stemcells | lt | 1.107 |
| | cflinuxfs3 | lt | 0.320.0 |
| | cf deployment | lt | 21.9.0 |