USN-3048-1: curl vulnerabilities
8 August 2016
Several security issues were fixed in curl.
- curl - HTTP, HTTPS, and FTP client and client libraries
Bru Rom discovered that curl incorrectly handled client certificates when
resuming a TLS session. (CVE-2016-5419)
It was discovered that curl incorrectly handled client certificates when
reusing TLS connections. (CVE-2016-5420)
Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly
reused a connection struct, contrary to expectations. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.