[security-announce] Security Update: : cURL: CVE-2016-5419, CVE-2016-5420, CVE-2016-5421

Sona Sarmadi sona.sarmadi at enea.com
Thu Sep 8 08:55:33 CEST 2016


		Enea Linux Security Advisory

====================================================================
Product/package: Enea Linux 6.0: (cURL 7.47.1)
Severity: Medium, Low, Medium
Architecture: all
CVE Name: CVE-2016-5419, CVE-2016-5420, CVE-2016-5421
====================================================================

This security update fixes following vulnerabilities in cURL 7.47.1.

Description
===========
CVE-2016-5419:
curl and libcurl before 7.50.1 do not prevent TLS session resumption
when the client certificate has changed, which allows remote attackers
to bypass intended restrictions by resuming a session.

CVE-2016-5420:
curl and libcurl before 7.50.1 do not check the client certificate when
choosing the TLS connection to reuse, which might allow remote attackers
to hijack the authentication of the connection by leveraging a
previously created connection with a different client certificate.

CVE-2016-5421:
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers
to control which connection is used or possibly have unspecified other
impact via unknown vectors.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
https://curl.haxx.se/docs/adv_20160803A.html
https://curl.haxx.se/docs/adv_20160803B.html
https://curl.haxx.se/docs/adv_20160803C.html

Reference to the upstream fixes:
===================================================
https://curl.haxx.se/CVE-2016-5419.patch
https://curl.haxx.se/CVE-2016-5420.patch
https://curl.haxx.se/CVE-2016-5421.patch

Correction for Enea Linux
=========================
CVE-2016-5419:
http://git.enea.com/cgit/linux/poky.git/patch/?id=094a36886f2ac3e8e67220ffc938973879b3762a

CVE-2016-5420:
http://git.enea.com/cgit/linux/poky.git/patch/?id=6980d4fa2feba6147013933a173621513ec2dcd0

CVE-2016-5421:
http://git.enea.com/cgit/linux/poky.git/patch/?id=aad7166704021d82ad3a5ec468552f8f10360d41


How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security patches.

cd Enea-Linux-6.0
$ repo sync

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

Use repo tool to download the source for Enea Linux, follow the steps below:
1. Make sure that the repo tool is installed. If not, follow the
instructions below:

$ curl https://storage.googleapis.com/git-repo-downloads/repo >
~/bin/repo
$ chmod a+x ~/bin/repo

The instruction assumes that ~/bin exists and is included in the PATH
variable.

2.Use the repo tool to download the source:
$ mkdir Enea-Linux-6.0
$ cd Enea-Linux-6.0
$ repo init \
-u git://git.enea.com/linux/el_manifests-standard.git \
-b krogoth\
-m <manifest file>
$ repo sync

The parameter <manifest file> depends on the target:
P2041RDB: p2041rdb/default.xml
LS1021a-IoT: ls1021aiot/default.xml
QEMUARM: qemuarm/default.xml
QEMUPCC: qemuppc/default.xml
QEMUX86: qemux86/default.xml

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160908/80c57b9b/attachment.sig>


More information about the security-announce mailing list