CVE-2014-0138

Publication date 27 March 2014

Last updated 24 July 2024

Ubuntu priority

The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
curl	13.10 saucy	Fixed 7.32.0-1ubuntu1.4
	12.10 quantal	Fixed 7.27.0-1ubuntu1.9
	12.04 LTS precise	Fixed 7.22.0-3ubuntu4.8
	10.04 LTS lucid	Fixed 7.19.7-1ubuntu1.7

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
curl	Upstream: http://curl.haxx.se/libcurl-bad-reuse.patch Upstream: 378af08 Upstream: d765099 Upstream: 517b06d Upstream: f82e0ed

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2167-1
curl vulnerabilities
14 April 2014

Other references

http://curl.haxx.se/docs/adv_20140326A.html
https://www.cve.org/CVERecord?id=CVE-2014-0138