Debian-LTS alert DLA-586-1 (curl)
| From: | Markus Koschany <apo@debian.org> |
| To: | debian-lts-announce@lists.debian.org |
| Subject: | [SECURITY] [DLA 586-1] curl security update |
| Date: | Thu, 4 Aug 2016 19:47:12 +0200 |
| Message-ID: | <49c44a1d-214f-985f-a6f6-ca5773c49ce9@debian.org> |
Package        : curl
Version        : 7.26.0-1+wheezy14
CVE ID         : CVE-2016-5419 CVE-2016-5420

CVE-2016-5419

    Bru Rom discovered that libcurl would attempt to resume a TLS session
    even if the client certificate had changed.

CVE-2016-5420

    It was discovered that libcurl did not consider client certificates
    when reusing TLS connections.

For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy14.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
