curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
CVE-2016-5419: TLS session resumption client cert bypass
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803A.html
Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803B.html
Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
Fixed In Version:
curl 7.50.1
References:
https://curl.haxx.se/docs/adv_20160803C.html
Patch:
https://curl.haxx.se/CVE-2016-5421.patch
(from redmine: issue id 6002, created on 2016-08-04, closed on 2016-08-17)
- Relations:
  - child #6003 (closed)
  - child #6004 (closed)
  - child #6005 (closed)
  - child #6006 (closed)
  - child #6007 (closed)