CVE-2016-5421: Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via…

CVE-2016-5421 [HIGH] CVE-2016-5421: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite CVE: CVE-2016-5421 Component: CVE-2016-5421

CVE-2016-5421 [HIGH] CVE-2016-5421: Android Security Bulletin 2016-12-01 CVE: CVE-2016-5421 Severity: HIGH Affected AOSP versions: 7 Android Security Bulletin 2016-12-01 CVE: CVE-2016-5421 Severity: HIGH Affected AOSP versions: 7.0 References: A-31271247

CVE-2016-5419 [HIGH] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2016-5421 [HIGH] CWE-416 curl: Use of connection struct after free curl: Use of connection struct after free Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. A use-after-free flaw was found in libcurl. When invoking curl_easy_perform() after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality. Statement: The versions of `curl` as shipped with Red Hat Enterprise Linux 5, 6, and 7 are marked as "notaffected" because they did not include the vulnerable code, which was introduced in a later version of the

CVE-2016-5421 [HIGH] CVE-2016-5421: curl - Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to contro... Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Scope: local bookworm: resolved (fixed in 7.50.1-1) bullseye: resolved (fixed in 7.50.1-1) forky: resolved (fixed in 7.50.1-1) sid: resolved (fixed in 7.50.1-1) trixie: resolved (fixed in 7.50.1-1)

CVE-2016-5421 [HIGH] CWE-416 GHSA-89f8-gvcm-9g9g: Use-after-free vulnerability in libcurl before 7 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVE-2016-5421 [HIGH] CVE-2016-5421: Use-after-free vulnerability in libcurl before 7 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.

CVE-2016-5419 [HIGH] curl vulnerabilities curl vulnerabilities Bru Rom discovered that curl incorrectly handled client certificates when resuming a TLS session. (CVE-2016-5419) It was discovered that curl incorrectly handled client certificates when reusing TLS connections. (CVE-2016-5420) Marcelo Echeverria and Fernando Muñoz discovered that curl incorrectly reused a connection struct, contrary to expectations. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5421)

CVE-2016-5419 [HIGH] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 mingw-curl: various flaws [epel-7] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 mingw-curl: various flaws [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs]

CVE-2016-5419 [HIGH] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 curl: various flaws [fedora-all] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fed

CVE-2016-5419 [HIGH] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 mingw-curl: various flaws [fedora-all] CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 mingw-curl: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions

CVE-2016-5421 [HIGH] CVE-2016-5421 curl: Use of connection struct after free CVE-2016-5421 curl: Use of connection struct after free A use-after-free vulnerability in libcurl was found. libcurl works with easy handles using the type 'CURL *' that are objects the application creates using curl_easy_init(). They are the handles that are all each associated with a single transfer at a time. libcurl also has an internal struct that represents and holds most state that is related to a single connection. An easy handle can hold references to one or many such connection structs depending on the requested operations. When using libcurl's multi interface, an application performs transfers by adding one or more easy handles to the multi handle and then it can drive all those transfers in parallel. Due to a flaw, libcurl could leave a pointer to a freed connection struct d