14 DAY TRIAL // Canonical has announced that a couple of curl vulnerabilities have been found and fixed in its Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS operating systems.
The developers have released a new update for the curl package and it looks like a number of security issues have been corrected.
“Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others,” reads the security notice.
Also, “Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites.”
These are the two exploits that have been identified by the developer, and for a more detailed description of the problems, you can see Canonical's security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system to the latest libcurl3-nss, libcurl3-gnutls, and libcurl3 packages specific to each distribution. To apply the patch, you will have to run the Update Manager application.
In general, a standard system update will make all the necessary changes. It's not necessary to restart your system.