[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 586-1] curl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : curl
Version        : 7.26.0-1+wheezy14
CVE ID         : CVE-2016-5419 CVE-2016-5420


CVE-2016-5419
    Bru Rom discovered that libcurl would attempt to resume a TLS
    session even if the client certificate had changed.

CVE-2016-5420
    It was discovered that libcurl did not consider client certificates
    when reusing TLS connections.

For Debian 7 "Wheezy", these problems have been fixed in version
7.26.0-1+wheezy14.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXo3+gXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkW1AQAJaYJctq1cARch//EzycVlDo
8mNerNq63Qjr1rgPIk5nyG5fWYOFdtazAXeb3YVQV+zOHZ6Gd9LkKVvuKuTZw7oE
qxMSSPqdYpmVjGQf77j9MLgYg0zv5AFgVo1qGQMMCWtR08hnfoe9wJClwj/Ck59t
YATGTtVhfAc5nmEgY27zo7xH/1p0lct+fNNh+YIY1CXquoROEZJ4Z/b6H4UTYkwD
kuUb5qN92H0qCrLcCEyTfRBcn1aCelIC7y1p19lGZkEom0tfhFmucAoWHpJ8Y+gl
EYmFx4XBiTm2tNyH3MDfgAUqomLGr0LWwpHOoe/lpQfFRxN/seeBBoIAc8uY57L8
hI9XntyaJ6HkUzvhf73zAFlr/PQMr16tCwOB7miiis9geNsOkPhrTJZz/LaUHbBP
CeVXHI8ZKAXXJRewO7cO+SshF0Bn2hv7FU2hJMUWhfanuBtHVpCoGYN8m9X2MmMX
hIg85bULhCkYlNfE5WGkSU1nvZGR2Rh/JzK3ur8Pchn0036Im+h+xxMezqqnYMsd
v/JzFIyK4t8kRZE4A8oD8zGAOmJEdRtxkU/6C16P7LOL/8jvKkUOIwF7EOPDa0bg
PsW5D/986FkCofncF29rq2ltop+jNqQQ6ciVx7GgmmoMmvqRzpXvZqBY5KivnusN
JmS5v6wmjzYGPuPDgLHm
=WaDl
-----END PGP SIGNATURE-----
Reply to: