CVE-2016-5419 (retired)

Priority
Description
curl and libcurl before 7.50.1 do not prevent TLS session resumption when
the client certificate has changed, which allows remote attackers to bypass
intended restrictions by resuming a session.
Assigned-to
mdeslaur
Notes
Package
Source: curl (LP Ubuntu Debian)
Upstream: released (7.50.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): released (7.22.0-3ubuntu4.16)
Ubuntu 16.04 LTS (Xenial Xerus): released (7.47.0-1ubuntu2.1)
Patches:
Upstream: https://curl.haxx.se/CVE-2016-5419.patch
More Information

Updated: 2019-10-09 07:56:54 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)