This update for curl fixes the following issues:
Security issues fixed:
* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection
(bsc#1262638).
Other updates and bugfixes:
* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1
* SUSE Linux Enterprise Server 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 SUSE-SLE-Product-
SLES_SAP-15-SP5-2026-1717=1
* SUSE Linux Enterprise Desktop 15 SP5
zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-1717=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch...
Read the Full Advisory* SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
* libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libcurl-devel-8.14.1-150400.5.83.1
* libcurl4-8.14.1-150400.5.83.1
* curl-debugsource-8.14.1-150400.5.83.1
* curl-debuginfo-8.14.1-150400.5.83.1
* libcurl4-debuginfo-8.14.1-150400.5.83.1
* curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
* libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
* libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libcurl4-8.14.1-150400.5.83.1
* curl-debugsource-8.14.1-150400.5.83.1
* curl-debuginfo-8.14.1-150400.5.83.1
* libcurl4-debuginfo-8.14.1-150400.5.83.1
* curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro 5.3...
Read the Full Advisory* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638
## References:
* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638
Get the latest Linux and open source security news straight to your inbox.