[3.4] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
CVE-2016-5419: TLS session resumption client cert bypass
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803A.html
Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803B.html
Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
Fixed In Version:
curl 7.50.1
References:
https://curl.haxx.se/docs/adv_20160803C.html
Patch:
https://curl.haxx.se/CVE-2016-5421.patch
(from redmine: issue id 6004, created on 2016-08-04, closed on 2016-08-17)
- Relations:
- parent #6002 (closed)
- Changesets:
- Revision 4bdd777b by Natanael Copa on 2016-08-04T14:56:59Z:
main/curl: security upgrade to 7.50.1 (CVE-2016-5419,CVE-2016-5420,CVE-2016-5421)
fixes #6004
(cherry picked from commit da2c76f8a5b41b865d6af208d9bc32764eec75a6)