USN-3048-1: curl vulnerabilities
USN-3048-1: curl vulnerabilities Ubuntu Security Notice USN-3048-1 8th August, 2016 curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in curl. Software description curl – HTTP, HTTPS, and FTP client and client libraries Details Bru Rom discovered that curl incorrectly handled client certificates whenresuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates whenreusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectlyreused a connection struct, contrary to expectations. This issue onlyapplied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: libcurl3-nss 7.47.0-1ubuntu2.1 libcurl3-gnutls 7.47.0-1ubuntu2.1 libcurl3 7.47.0-1ubuntu2.1 Ubuntu 14.04 LTS: libcurl3-nss 7.35.0-1ubuntu2.8 libcurl3-gnutls 7.35.0-1ubuntu2.8 libcurl3 [ more… ]