SB2017042907 - Arch Linux update for curl

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017042907

SB2017042907 - Arch Linux update for curl

Published: April 29, 2017 Updated: May 3, 2017

Security Bulletin ID SB2017042907
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Cryptographic issues (CVE-ID: CVE-2016-5419)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.


2) Improper Certificate Validation (CVE-ID: CVE-2017-7468)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.


Remediation

Install update from vendor's website.

References