Wind River Support Network

HomeDefectsLIN7-6305

Fixed

LIN7-6305 : Security Advisory - curl - CVE-2016-3739

Created: May 31, 2016 Updated: Sep 8, 2018

Resolved Date: Jul 20, 2016

Found In Version: 7.0.0.15

Fix Version: 7.0.0.18

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3739

Other Downloads

Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-3739