CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication…

CVE-2016-7141 [HIGH] CVE-2016-7141: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite CVE: CVE-2016-7141 Component: CVE-2016-7141

CVE-2016-7141 [HIGH] curl vulnerabilities Title: curl vulnerabilities Summary: Several security issues were fixed in curl. It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and pa

CVE-2016-7141 [HIGH] CWE-295 curl: Incorrect reuse of client certificates curl: Incorrect reuse of client certificates curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. Package: rh-dotnetcore10-curl

CVE-2016-7141 [HIGH] CVE-2016-7141: curl - curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library... curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. Scope: local bookworm: resolved (fixed in 7.51.0-1) bullseye: resolved (fixed in 7.51.0-1) forky: resolved (fixed in 7.51.0-1) sid: resolved (fixed in 7.51.0-1) trixie: resolved (fixed in 7.51.0-1)

CVE-2016-7141 [HIGH] CWE-287 GHSA-vx32-35rm-8jq5: curl and libcurl before 7 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

CVE-2016-7141 [HIGH] curl vulnerabilities curl vulnerabilities It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. (CVE-2016-7141) Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-7167) It was discovered that curl incorrectly handled storing cookies. A remote attacker could possibly use this issue to inject cookies for arbitrary domains in the cookie jar. (CVE-2016-8615) It was discovered that curl incorrect handled case when comparing user names and passwords. A remote attacker with knowledge of a case-insensiti

CVE-2016-7141 [HIGH] CVE-2016-7141: curl and libcurl before 7 curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.

CVE-2016-7141 [HIGH] CVE-2016-7141 mingw-curl: curl: Incorrect reuse of client certificates [fedora-all] CVE-2016-7141 mingw-curl: curl: Incorrect reuse of client certificates [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versio

CVE-2016-7141 [HIGH] CVE-2016-7141 curl: Incorrect reuse of client certificates [fedora-all] CVE-2016-7141 curl: Incorrect reuse of client certificates [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora

CVE-2016-7141 [HIGH] CVE-2016-7141 curl: Incorrect reuse of client certificates CVE-2016-7141 curl: Incorrect reuse of client certificates After testing original CVE-2016-5420 patch, it was discovered that libcurl built on top of NSS (Network Security Services) still incorrectly re-uses client certificates if a certificate from file is used for one TLS connection but no certificate is set for a subsequent TLS connection. The original patch for CVE-2016-5420 has been amended to also contain the attached patch: https://curl.haxx.se/CVE-2016-5420.patch Discussion: Created curl tracking bugs for this issue: Affects: fedora-all [bug 1373230] --- Created mingw-curl tracking bugs for this issue: Affects: fedora-all [bug 1373231] Affects: epel-7 [bug 1373232] --- CVE assignment: http://seclists.org/oss-sec/2016/q3/419 --- This issue has been addressed in the fol

CVE-2016-7141 [HIGH] CVE-2016-7141 mingw-curl: curl: Incorrect reuse of client certificates [epel-7] CVE-2016-7141 mingw-curl: curl: Incorrect reuse of client certificates [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs]