CVE-2016-5419 (retired)

Priority
Description
curl and libcurl before 7.50.1 do not prevent TLS session resumption when
the client certificate has changed, which allows remote attackers to bypass
intended restrictions by resuming a session.
Assigned-to
mdeslaur
Package
Source: curl (LP Ubuntu Debian)
Upstream: released (7.50.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): released (7.22.0-3ubuntu4.16)
Ubuntu 14.04 LTS (Trusty Tahr): released (7.35.0-1ubuntu2.8)
Ubuntu 16.04 LTS (Xenial Xerus): released (7.47.0-1ubuntu2.1)
Patches:
Upstream: https://curl.haxx.se/CVE-2016-5419.patch
More Information

Updated: 2019-03-26 12:22:11 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)