[3.5] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
CVE-2016-5419: TLS session resumption client cert bypass
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803A.html
Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803B.html
Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
Fixed In Version:
curl 7.50.1
References:
https://curl.haxx.se/docs/adv_20160803C.html
Patch:
https://curl.haxx.se/CVE-2016-5421.patch
(from redmine: issue id 6003, created on 2016-08-04, closed on 2016-08-17)
- Relations:
- parent #6002 (closed)
- Changesets:
- Revision da2c76f8 by Natanael Copa on 2016-08-04T14:51:38Z:
main/curl: security upgrade to 7.50.1 (CVE-2016-5419,CVE-2016-5420,CVE-2016-5421)
fixes #6003