All the other supported Ubuntu distros have been affected by this problem

Dec 6, 2013 22:06 GMT

On December 5, in a security notice, Canonical published details about a curl vulnerability in its Ubuntu 13.10, Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.

According to the company, fraudulent security certificates could have allowed sensitive information to be exposed when accessing the Internet.

It has been discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled.

When libcurl was being used in this uncommon way by specific applications, an attacker could have exploited this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
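An added example, not part of the original article or of Canonical's notice: a small Python audit that flags C source lines where an application turns off libcurl's certificate signature check (`CURLOPT_SSL_VERIFYPEER`), the uncommon usage in which the flawed library also skipped the CN/SAN name check (`CURLOPT_SSL_VERIFYHOST`). The sample source, function names and `example.test` URLs are constructed for illustration.

```python
import re

# Constructed sample C source for illustration; not taken from any real project.
SAMPLE = '''\
static void fetch_a(CURL *h) {
    curl_easy_setopt(h, CURLOPT_URL, "https://example.test/a");
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L);
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2L);
}
static void fetch_b(CURL *h) {
    curl_easy_setopt(h, CURLOPT_URL, "https://example.test/b");
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYHOST, 2L);
}
/* curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, 0L); */
static void fetch_c(CURL *h) {
    curl_easy_setopt(h, CURLOPT_SSL_VERIFYPEER, FALSE);
}
'''

# String literals are matched first so "https://..." is not mistaken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
SETOPT = re.compile(r'curl_easy_setopt\s*\(\s*[^,]+,\s*'
                    r'(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*,\s*([^)]+?)\s*\)')
OFF = {"0", "0l", "false"}

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    def blank(m):
        text = m.group(0)
        return text if text.startswith('"') else re.sub(r'[^\n]', ' ', text)
    return TOKEN.sub(blank, src)

def audit(src):
    """Return (line, option, value, disabled) for each TLS verification setopt."""
    clean = strip_comments(src)
    return [(clean.count('\n', 0, m.start()) + 1, m.group(1), m.group(2),
             m.group(2).lower() in OFF) for m in SETOPT.finditer(clean)]

def peer_verification_disabled(src):
    """Lines that turn off certificate signature (peer) verification."""
    return [line for line, opt, _, off in audit(src)
            if opt == "CURLOPT_SSL_VERIFYPEER" and off]

if __name__ == "__main__":
    for line in peer_verification_disabled(SAMPLE):
        print(f"line {line}: CURLOPT_SSL_VERIFYPEER disabled; review this call site")
```

Values written with a cast or through a variable are not recognised by this pattern, so treat a clean result as a first pass rather than proof.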

The system update that addressed this issue introduced a regression, which was subsequently fixed for Ubuntu 12.10, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest libcurl3 package specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will not be needed.