Several vulnerabilities were discovered in cURL, an URL transfer library:

CVE-2016-5419: Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed.

CVE-2016-5420: It was discovered that libcurl did not consider client certificates when reusing TLS connections.

CVE-2016-5421: Marcelo Echeverria and Fernando Muñoz discovered that libcurl was vulnerable to a use-after-free flaw.

For the stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u4.

For the unstable distribution (sid), these problems have been fixed in version 7.50.1-1.

We recommend that you upgrade your curl packages.