Mailinglist Archive: opensuse-updates (111 mails)

< Previous Next >
openSUSE-SU-2016:2379-1: moderate: Security update for curl
openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2379-1
Rating: moderate
References: #991389 #991390 #991391 #991746 #997420
Cross-References: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421
CVE-2016-7141
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for curl fixes the following issues:

Security issues fixed:
- CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389)
- CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390)
- CVE-2016-5421: use of connection struct after free (bsc#991391)
- CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS
(bsc#997420)

Also the following bug was fixed:
- fixing a performance issue (bsc#991746)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1124=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

curl-7.37.0-13.1
curl-debuginfo-7.37.0-13.1
curl-debugsource-7.37.0-13.1
libcurl-devel-7.37.0-13.1
libcurl4-7.37.0-13.1
libcurl4-debuginfo-7.37.0-13.1

- openSUSE Leap 42.1 (x86_64):

libcurl-devel-32bit-7.37.0-13.1
libcurl4-32bit-7.37.0-13.1
libcurl4-debuginfo-32bit-7.37.0-13.1


References:

https://www.suse.com/security/cve/CVE-2016-5419.html
https://www.suse.com/security/cve/CVE-2016-5420.html
https://www.suse.com/security/cve/CVE-2016-5421.html
https://www.suse.com/security/cve/CVE-2016-7141.html
https://bugzilla.suse.com/991389
https://bugzilla.suse.com/991390
https://bugzilla.suse.com/991391
https://bugzilla.suse.com/991746
https://bugzilla.suse.com/997420


< Previous Next >
This Thread
  • No further messages