DSA-3638-1 curl -- curlID: oval:org.secpod.oval:def:602578 | Date: (C)2016-08-09 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in cURL, an URL transfer library: CVE-2016-5419 Bru Rom discovered that libcurl would attempt to resume a TLS session even if the client certificate had changed. CVE-2016-5420 It was discovered that libcurl did not consider client certificates when reusing TLS connections. CVE-2016-5421 Marcelo Echeverria and Fernando Muñoz discovered that libcurl was vulnerable to a use-after-free flaw.