EUVD-2016-8013

Malware in sbrugna...

SUSE CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

SUSE-SU-2016:2449-1 Security update for curl

This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-7141: Fixed incorrect reuse of client certificates bsc997420...

CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

DEBIAN-CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

Incorrect reuse of client certificates

libcurl built on top of NSS Network Security Services incorrectly reused client certificates if a certificate from file was used for one TLS connection but no certificate set for a subsequent TLS connection. While the symptoms are similar to CVE-2016-5420 Reusing connection with wrong client cert...