stable

curl-7.43.0-8.fc23

FEDORA-2016-8354baae0f created by kdudka 8 years ago for Fedora 23
  • fix re-using connections with wrong client cert (CVE-2016-5420)
  • fix TLS session resumption client cert bypass (CVE-2016-5419)
  • fix use of connection struct after free (CVE-2016-5421)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-8354baae0f

This update has been submitted for testing by kdudka.

8 years ago

This update has been pushed to testing.

8 years ago
User Icon k3rn3l commented & provided feedback 8 years ago
karma

Works

User Icon filiperosset commented & provided feedback 8 years ago
karma

no regressions noted

This update has been submitted for stable by bodhi.

8 years ago
User Icon em3rson commented & provided feedback 8 years ago
karma

workd

This update has been pushed to stable.

8 years ago
User Icon kdudka commented & provided feedback 8 years ago

Thank you for testing the update!


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
BZ#1362183 CVE-2016-5419 curl: TLS session resumption client cert bypass
0
0
BZ#1362190 CVE-2016-5420 curl: Re-using connection with wrong client cert
0
0
BZ#1362199 CVE-2016-5421 curl: Use of connection struct after free
0
0
BZ#1363642 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 curl: various flaws [fedora-all]
0
0

Automated Test Results