Описание
Security update for curl
This update for curl fixes the following issues:
- CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389)
- CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390)
- CVE-2016-7141: Fixed incorrect reuse of client certificates (bsc#997420).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Manager 2.1
SUSE Manager Proxy 2.1
SUSE OpenStack Cloud 5
Ссылки
- Link for SUSE-SU-2016:2449-1
- E-Mail link for SUSE-SU-2016:2449-1
- SUSE Security Ratings
- SUSE Bug 991389
- SUSE Bug 991390
- SUSE Bug 997420
- SUSE CVE CVE-2016-5419 page
- SUSE CVE CVE-2016-5420 page
- SUSE CVE CVE-2016-7141 page
Описание
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
Затронутые продукты
Ссылки
- CVE-2016-5419
- SUSE Bug 1033413
- SUSE Bug 1033442
- SUSE Bug 991389
Описание
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
Затронутые продукты
Ссылки
- CVE-2016-5420
- SUSE Bug 991390
- SUSE Bug 997420
Описание
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
Затронутые продукты
Ссылки
- CVE-2016-7141
- SUSE Bug 991390
- SUSE Bug 997420