I have uploaded a curl package for jammy that fixes this issue in the security team ppa here:
https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Please test it to make sure it fixes the regression in your environment and leave a comment here. Once it has been tested successfully, I will release it as a regression fix. Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to curl in Ubuntu. https://bugs.launchpad.net/bugs/2118865 Title: libcurl outgoing Cookie header field size check is broken Status in curl package in Ubuntu: Fix Released Status in curl source package in Jammy: In Progress Bug description: libcurl's check to limit outgoing Cookier header field size is broken. The implementation in Jammy's libcurl4-7.81.0* was backported from a newer curl (as part of CVE-2022-32205) but that implementation is buggy and mistakenly checks against the entire outgoing request size, instead of the cookie header size. Upstream curl has fixed this, and the (simple) fix should be backported to here too. For example, if someone has a big request header (very common with different authentication schemes like big JWT/bearer tokens or Kerberos/SPNEGO), curl will drop cookies even though the cookies are tiny. Here is curl's original fix for CVE-2022-32205: https://github.com/curl/curl/commit/48d7064a49148f03942380967da739dcde1cdc24 Here is the bugfix that correctly tracks the Cookie header size: https://github.com/curl/curl/commit/d40e5cc9a3c7c5ba88523be0272f842ca8672357 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2118865/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
