Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 20.04 LTS curl Security Vulnerabilities Denial of Service USN-8062-2

ubuntu
Calendar Grey March 3, 2026
Dist Ubuntu Esm H88
Fix multiple security issues in curl affecting various Ubuntu releases. Update recommended for better protection and security enhancement.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

USN-8062-1 fixed vulnerabilities in curl. This update provides the

corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224

for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04

LTS.

Original advisory details:

It was discovered that curl incorrectly handled cookies when redirected

from secure to insecure connections. An attacker could possibly use this

issue to cause a denial of service, or obtain sensitive information.

This issue only affected Ubuntu 25.10. (CVE-2025-9086)

Calvin Ruocco discovered that curl did not properly handle WebSocket

communications under certain circumstances. A malicious server could

possibly use this issue to poison proxy caches with malicious content.

This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.

(CVE-2025-10148)

Stanislav Fort discovered that wcurl did n...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  curl                            7.68.0-1ubuntu2.25+esm2
                                  Available with Ubuntu Pro
  libcurl4                        7.68.0-1ubuntu2.25+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  curl                            7.58.0-2ubuntu3.24+esm7
                                  Available with Ubuntu Pro
  libcurl4                        7.58.0-2ubuntu3.24+esm7
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  curl                            7.47.0-1ubuntu2.19+esm15
                                  Available with Ubuntu Pro
  libcurl3                        7.47.0-1ubuntu2.19+esm15
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  curl                            7.35.0-1ubuntu2.20+esm19
                                  Available with Ubuntu Pro
  libcurl3                        7.35.0-1ubuntu2.20+esm19
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8062-2

https://ubuntu.com/security/notices/USN-8062-1

CVE-2025-14017, CVE-2025-15079, CVE-2025-15224

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8062-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.