{"id":"USN-5964-2","summary":"curl vulnerabilities","details":"USN-5964-1 fixed several vulnerabilities in curl. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\n Harry Sintonen discovered that curl incorrectly handled certain TELNET\n connection options. Due to lack of proper input scrubbing, curl could pass\n on user name and telnet options to the server as provided, contrary to\n expectations. (CVE-2023-27533)\n\n Harry Sintonen discovered that curl incorrectly reused certain FTP\n connections. This could lead to the wrong credentials being reused,\n contrary to expectations. (CVE-2023-27535)\n\n Harry Sintonen discovered that curl incorrectly reused connections when the\n GSS delegation option had been changed. This could lead to the option being\n reused, contrary to expectations. (CVE-2023-27536)\n","modified":"2026-02-17T21:46:08.109537Z","published":"2023-03-27T14:47:58Z","related":["UBUNTU-CVE-2023-27533","UBUNTU-CVE-2023-27535","UBUNTU-CVE-2023-27536"],"upstream":["CVE-2023-27533","CVE-2023-27535","CVE-2023-27536","UBUNTU-CVE-2023-27533","UBUNTU-CVE-2023-27535","UBUNTU-CVE-2023-27536"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5964-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27533"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27535"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-27536"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/curl@7.35.0-1ubuntu2.20+esm15?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.35.0-1ubuntu2.20+esm15"}]}],"versions":["7.32.0-1ubuntu1","7.33.0-1ubuntu1","7.34.0-1ubuntu1","7.35.0-1ubuntu1","7.35.0-1ubuntu2","7.35.0-1ubuntu2.1","7.35.0-1ubuntu2.2","7.35.0-1ubuntu2.3","7.35.0-1ubuntu2.5","7.35.0-1ubuntu2.6","7.35.0-1ubuntu2.7","7.35.0-1ubuntu2.8","7.35.0-1ubuntu2.9","7.35.0-1ubuntu2.10","7.35.0-1ubuntu2.11","7.35.0-1ubuntu2.12","7.35.0-1ubuntu2.13","7.35.0-1ubuntu2.14","7.35.0-1ubuntu2.15","7.35.0-1ubuntu2.16","7.35.0-1ubuntu2.17","7.35.0-1ubuntu2.19","7.35.0-1ubuntu2.20","7.35.0-1ubuntu2.20+esm2","7.35.0-1ubuntu2.20+esm3","7.35.0-1ubuntu2.20+esm4","7.35.0-1ubuntu2.20+esm5","7.35.0-1ubuntu2.20+esm6","7.35.0-1ubuntu2.20+esm7","7.35.0-1ubuntu2.20+esm8","7.35.0-1ubuntu2.20+esm9","7.35.0-1ubuntu2.20+esm10","7.35.0-1ubuntu2.20+esm11","7.35.0-1ubuntu2.20+esm12","7.35.0-1ubuntu2.20+esm13","7.35.0-1ubuntu2.20+esm14"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"curl"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl3"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl3-gnutls"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl3-nss"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl4-gnutls-dev"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl4-nss-dev"},{"binary_version":"7.35.0-1ubuntu2.20+esm15","binary_name":"libcurl4-openssl-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5964-2.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-27533"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-27535"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-27536"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/curl@7.47.0-1ubuntu2.19+esm8?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.47.0-1ubuntu2.19+esm8"}]}],"versions":["7.43.0-1ubuntu2","7.45.0-1ubuntu1","7.46.0-1ubuntu1","7.47.0-1ubuntu1","7.47.0-1ubuntu2","7.47.0-1ubuntu2.1","7.47.0-1ubuntu2.2","7.47.0-1ubuntu2.3","7.47.0-1ubuntu2.4","7.47.0-1ubuntu2.5","7.47.0-1ubuntu2.6","7.47.0-1ubuntu2.7","7.47.0-1ubuntu2.8","7.47.0-1ubuntu2.9","7.47.0-1ubuntu2.11","7.47.0-1ubuntu2.12","7.47.0-1ubuntu2.13","7.47.0-1ubuntu2.14","7.47.0-1ubuntu2.15","7.47.0-1ubuntu2.16","7.47.0-1ubuntu2.18","7.47.0-1ubuntu2.19","7.47.0-1ubuntu2.19+esm1","7.47.0-1ubuntu2.19+esm2","7.47.0-1ubuntu2.19+esm3","7.47.0-1ubuntu2.19+esm4","7.47.0-1ubuntu2.19+esm5","7.47.0-1ubuntu2.19+esm6","7.47.0-1ubuntu2.19+esm7"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"curl"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl3"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl3-gnutls"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl3-nss"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl4-gnutls-dev"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl4-nss-dev"},{"binary_version":"7.47.0-1ubuntu2.19+esm8","binary_name":"libcurl4-openssl-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5964-2.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-27533"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-27535"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-27536"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}}],"schema_version":"1.7.3"}