Security update for curl
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2016-5419: TLS session resumption client cert bypass (bsc#991389)
- CVE-2016-5420: Re-using connections with wrong client cert (bsc#991390)
- CVE-2016-5421: use of connection struct after free (bsc#991391)
- CVE-2016-7141: Fixed incorrect reuse of client certificates with NSS (bsc#997420)
Also the following bug was fixed:
- fixing a performance issue (bsc#991746)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
P. Janouch (pjanouch)
Fixed bugs
bnc#991389
VUL-0: CVE-2016-5419: curl: TLS session resumption client cert bypass
bnc#991391
VUL-0: CVE-2016-5421: curl: use of connection struct after free
bnc#991390
VUL-0: CVE-2016-5420: curl: Re-using connections with wrong client cert
bnc#991746
SLES 12 libcurl performance decline from SLES 11 SP4
bnc#997420
VUL-1: CVE-2016-7141: curl: Incorrect reuse of client certificates
