[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 616-1] curl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : curl
Version        : 7.26.0-1+wheezy15
CVE ID         : CVE-2016-7141
Debian Bug     : 836918

It was discovered that libcurl built on top of NSS (Network Security
Services) incorrectly re-used client certificates if a certificate from
file was used for one TLS connection but no certificate set for a
subsequent TLS connection.

For Debian 7 "Wheezy", this problem has been fixed in version
7.26.0-1+wheezy15.

We recommend that you upgrade your curl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJX0qGbAAoJEPZk0la0aRp9rSsP/30PNyEz8smnzqQZRAWYwJz2
/THly88AJLPjavd2+SG617/f7lqxNd03R6gl/03yF1O+6KskQ2UffDA0rLqgqXnW
9fPYP34wAAfwAaHLMsmB6j4ASkHRe1xemcVCklOc0+Gm3yaQw3q/xXo1PZgcEkhD
cuDlKpTSe/IVw3Qr6gCVH6CY3NM8G/75ec9M9Sn6kNodYpZ4DVTeDtj+EAjE71jO
O/yIJd9Z8UwD5rBDct8Ysc9g73pL9Nro77T5tMw89W/hcUUouvsp7BHXYaLJdSO4
DcgRzNg56F+ZY+v7W6CFrhH1EQFyiqin9VB3Bx6AYks4Wc80WZhF4BvK8QuDXsgw
Do/TpDEK4E6hRZpmVP82qF5NOPoXYCODecs8gRW2jrOyFhNZKHDCEod++CiqSIpJ
kkjXNZDgv+DQkUgmko+GH/e2mMPNXpl8QM85kPTkz4yGQp7nr0UvJVjTW+wfnkXn
FTcEGQ79fE3BMbr5wJTQX6s5kGiItnCRqbAwzkppoE7VVhzXCtrhVi8ZVcj5x2zB
TIEPGhp1oqS0sdHhow5tOwzml1ihAOveE8eOmY+J/96Tzo01IpQPUWMqaHk3qntE
kFtvPgx0YnA0ePQ0FWSY4sbPERW9TkZnJrzNKALMkdWCAi7e2p+/tMfn02+KavcL
Dsx2jDLqeM8E6zRXma42
=6fmS
-----END PGP SIGNATURE-----
Reply to: