USN-3048-1: curl vulnerabilities
8 August 2016
Several security issues were fixed in curl.
Releases
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
Bru Rom discovered that curl incorrectly handled client certificates when
resuming a TLS session. (CVE-2016-5419)
It was discovered that curl incorrectly handled client certificates when
reusing TLS connections. (CVE-2016-5420)
Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly
reused a connection struct, contrary to expectations. This issue only
applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
Ubuntu 14.04
Ubuntu 12.04
-
libcurl3
-
7.22.0-3ubuntu4.16
-
libcurl3-gnutls
-
7.22.0-3ubuntu4.16
-
libcurl3-nss
-
7.22.0-3ubuntu4.16
In general, a standard system update will make all the necessary changes.