Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE 16.0 Curl Important Patch Advisory 2026-20404-1

opensuse
Calendar Grey March 28, 2026
Dist Opensuse Esm H88
Update for openSUSE Leap fixes important vulnerabilities in curl, enhancing network security and patching bugs.
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for curl fixes the following issues:

- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).

- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).

- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).

- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-418=1

Patch

Package List

- openSUSE Leap 16.0:

curl-8.14.1-160000.5.1

curl-fish-completion-8.14.1-160000.5.1

curl-zsh-completion-8.14.1-160000.5.1

libcurl-devel-8.14.1-160000.5.1

libcurl-devel-doc-8.14.1-160000.5.1

libcurl4-8.14.1-160000.5.1

References

* bsc#1259362

* bsc#1259363

* bsc#1259364

* bsc#1259365

References:

* https://www.suse.com/security/cve/CVE-2026-1965.html

* https://www.suse.com/security/cve/CVE-2026-3783.html

* https://www.suse.com/security/cve/CVE-2026-3784.html

* https://www.suse.com/security/cve/CVE-2026-3805.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20404-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here