About Ubuntu

=========================================================== Ubuntu Security Notice USN-86-1 February 28, 2005 curl vulnerability CAN-2005-0490 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libcurl2 libcurl2-gssapi The problem can be corrected by upgrading the affected package to version 7.12.0.is.7.11.2-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: infamous41md discovered a buffer overflow in cURL's NT LAN Manager (NTLM) authentication handling. By sending a specially crafted long NTLM reply packet, a remote attacker could overflow the reply buffer. This could lead to execution of arbitrary attacker specified code with the privileges of the application using the cURL library.