Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-8062-1 fixed vulnerabilities in curl. This update provides the
corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224
for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS.
Original advisory details:
It was discovered that curl incorrectly handled cookies when redirected
from secure to insecure connections. An attacker could possibly use this
issue to cause a denial of service, or obtain sensitive information.
This issue only affected Ubuntu 25.10. (CVE-2025-9086)
Calvin Ruocco discovered that curl did not properly handle WebSocket
communications under certain circumstances. A malicious server could
possibly use this issue to poison proxy caches with malicious content.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-10148)
Stanislav Fort discovered that wcurl did n...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
curl 7.68.0-1ubuntu2.25+esm2
Available with Ubuntu Pro
libcurl4 7.68.0-1ubuntu2.25+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
curl 7.58.0-2ubuntu3.24+esm7
Available with Ubuntu Pro
libcurl4 7.58.0-2ubuntu3.24+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
curl 7.47.0-1ubuntu2.19+esm15
Available with Ubuntu Pro
libcurl3 7.47.0-1ubuntu2.19+esm15
Available with Ubuntu Pro
Ubuntu 14.04 LTS
curl 7.35.0-1ubuntu2.20+esm19
Available with Ubuntu Pro
libcurl3 7.35.0-1ubuntu2.20+esm19
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8062-2
https://ubuntu.com/security/notices/USN-8062-1
CVE-2025-14017, CVE-2025-15079, CVE-2025-15224
Get the latest Linux and open source security news straight to your inbox.