Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 25.10 curl Important Credential Leak DoS Vuln 8084-1

ubuntu
Calendar Grey March 11, 2026
Dist Ubuntu Esm H88
Multiple security fixes for curl in Ubuntu prevent credential leaks and enhance protection against denial of service attacks.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Zhicheng Chen discovered that curl could incorrectly reuse the wrong

connection for Negotiate-authenticated HTTP or HTTPS requests. This could

result in the use of credentials from a different connection, contrary to

expectations. (CVE-2026-1965)

It was discovered that curl incorrectly leaked OAuth2 bearer tokens when

following a redirect. This could result in tokens being sent to the wrong

host, contrary to expectations. (CVE-2026-3783)

Muhamad Arga Reksapati discovered that curl incorrectly reused existing

HTTP proxy connections even if the request used different credentials. This

could result in the use of incorrect credentials, contrary to expectations.

(CVE-2026-3784)

Daniel Wade discovered that curl incorrectly handled certain memory

operations when doing a second SMB request to the same host. An attacker

could use this issue to cause curl ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  curl                            8.14.1-2ubuntu1.2
  libcurl3t64-gnutls              8.14.1-2ubuntu1.2
  libcurl4t64                     8.14.1-2ubuntu1.2

Ubuntu 24.04 LTS
  curl                            8.5.0-2ubuntu10.8
  libcurl3t64-gnutls              8.5.0-2ubuntu10.8
  libcurl4t64                     8.5.0-2ubuntu10.8

Ubuntu 22.04 LTS
  curl                            7.81.0-1ubuntu1.23
  libcurl3-gnutls                 7.81.0-1ubuntu1.23
  libcurl3-nss                    7.81.0-1ubuntu1.23
  libcurl4                        7.81.0-1ubuntu1.23

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8084-1

CVE-2025-0167, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784,

CVE-2026-3805

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8084-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.