CVE-2016-5421

Published: 2016-08-10 | Updated: 2023-11-07
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
CVSS v3 Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (the vector these v3 sub-scores correspond to)
VMScore: 605

Vulnerability Summary

Use-after-free vulnerability in libcurl before 7.50.1 (fixed in 7.50.1, released together with the fixes for the companion issues CVE-2016-5419 and CVE-2016-5420) allows attackers to control which connection is used, or possibly to have other, unspecified impact via unknown vectors.
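As a first-pass check against the 7.50.1 fix line, here is an added shell example (written for this page; it is not code from the Vulmon listing or from the curl project). It pulls the version out of a `curl --version` banner and compares it with 7.50.1. The function names, `FIXED_VERSION`, and the two sample banners are assumptions constructed for the example; the only format assumption is that the first line of `curl --version` carries a `libcurl/<x.y.z>` token, which is how curl prints it.

```shell
#!/bin/sh
# Added example: first-pass version check for CVE-2016-5421 (fixed in libcurl 7.50.1).
# Not code from the Vulmon listing or from the curl project.

FIXED_VERSION="7.50.1"   # first libcurl release containing the fix

# version_lt A B: exit status 0 if dotted version A sorts before B, 1 otherwise.
# Trailing suffixes such as "-DEV" are ignored; missing components count as 0.
# (Leading-zero components like "08" are not expected in curl version strings.)
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    old_ifs=$IFS
    IFS=.
    set -- $a
    a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b
    b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    # Pack major.minor.patch into one integer so a single comparison suffices
    if [ $((a1 * 1000000 + a2 * 1000 + a3)) -lt $((b1 * 1000000 + b2 * 1000 + b3)) ]; then
        return 0
    fi
    return 1
}

# libcurl_vulnerable VERSION: exit 0 if VERSION predates the fixed release
libcurl_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# libcurl_version_from_banner TEXT: print the x.y.z from the "libcurl/x.y.z" token
# on the first line of `curl --version` output; prints nothing if no token is found.
libcurl_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/.*libcurl\/\([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample banners (not captured from any system named on the listing)
SAMPLE_OLD="curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8"
SAMPLE_NEW="curl 7.50.1 (x86_64-pc-linux-gnu) libcurl/7.50.1 OpenSSL/1.0.2h zlib/1.2.8"

# report BANNER: classify one banner and print a one-line verdict
report() {
    v=$(libcurl_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "no libcurl version token found in banner"
    elif libcurl_vulnerable "$v"; then
        echo "libcurl $v: VULNERABLE by version (older than $FIXED_VERSION)"
    else
        echo "libcurl $v: at or after $FIXED_VERSION"
    fi
}

report "$SAMPLE_OLD"
report "$SAMPLE_NEW"

# Check the local curl binary as well when one is on PATH
if command -v curl >/dev/null 2>&1; then
    report "$(curl --version 2>/dev/null)"
fi
```

Treat a "VULNERABLE by version" verdict as a prompt to look further, not as proof: the distributions in the product list below ship patched builds under the original version number, so on those systems read the package changelog (for example `apt changelog curl` or `rpm -q --changelog curl | grep CVE-2016-5421`) rather than trusting the banner. The reverse also holds: a product that bundles its own copy of libcurl, as the Tenable advisory below describes, never shows up in `curl --version` at all.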

Vulnerable Products

haxx libcurl (before 7.50.1)
canonical ubuntu linux 12.04, 14.04, 16.04
debian debian linux 8.0
fedoraproject fedora 23, 24
opensuse opensuse 13.2
opensuse leap 42.1

Vendor Advisories

Synopsis: Moderate: httpd24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of ...
Several security issues were fixed in curl ...
Several vulnerabilities were discovered in cURL, a URL transfer library: CVE-2016-5419: Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420: It was discovered that libcurl did not consider client certificates when reusing TLS connections. CVE-2016-5421: M ...
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session (CVE-2016-5419). curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote atta ...
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors ...
The Log Correlation Engine (LCE) is potentially impacted by several vulnerabilities in OpenSSL (20160503), libpcre / PCRE, Libxml2, Handlebars, libcurl, and jQuery that were recently disclosed and fixed. Note that due to the time involved in doing a full analysis of each issue, Tenable has opted to upgrade the included versions of each library as a ...