[3.2] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
CVE-2016-5419: TLS session resumption client cert bypass
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803A.html
Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
Fixed In Version:
curl 7.50.1
Reference:
https://curl.haxx.se/docs/adv_20160803B.html
Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
Fixed In Version:
curl 7.50.1
References:
https://curl.haxx.se/docs/adv_20160803C.html
Patch:
https://curl.haxx.se/CVE-2016-5421.patch
(from redmine: issue id 6006, created on 2016-08-04, closed on 2016-08-17)
- Relations:
- parent #6002 (closed)
- Changesets:
- Revision b3856e24 on 2016-08-12T10:00:44Z:
main/curl: security fixes (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
Fixes #6006
(cherry picked from commit 773b3cce8cf0ef9f65aa00ac6985aaba3f582b2c)