First Last Prev Next    This bug is not in your last search results.
Bug 982778 - (CVE-2016-3739) VUL-0: CVE-2016-3739: curl: TLS certificate name check bypass with mbedTLS and PolarSSL
(CVE-2016-3739)
VUL-0: CVE-2016-3739: curl: TLS certificate name check bypass with mbedTLS an...
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/169178/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-02 13:54 UTC by Marcus Meissner
Modified: 2019-05-13 14:44 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-02 13:54:19 UTC 
rh#1335430

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2)
polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl
before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a
numerical IP address, allow remote attackers to spoof servers via an arbitrary
valid certificate.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1335430
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3739
http://seclists.org/oss-sec/2016/q2/362
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3739.html
http://www.cvedetails.com/cve/CVE-2016-3739/
https://curl.haxx.se/CVE-2016-3739.patch
https://curl.haxx.se/docs/adv_20160518.html
https://curl.haxx.se/changes.html#7_49_0
http://www.securitytracker.com/id/1035907
Comment 1 Marcus Meissner 2016-06-02 13:54:48 UTC 
This issue only affects curl when polarssl or embedtls is in use.

We use openssl everywhere, so SUSE is not affected by this problem.
First Last Prev Next    This bug is not in your last search results.