Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu curl Important Security Issues Denial of Service USN-8487-1

ubuntu
Calendar Grey June 30, 2026
Dist Ubuntu Esm H88
Multiple security issues were addressed in curl for various Ubuntu releases to enhance system integrity and security.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Andrew Nesbitt discovered that curl could reuse an existing live

connection during STARTTLS-based connection upgrades even when the TLS

configuration did not match. A remote attacker could possibly use this

issue to cause curl to use an unintended TLS configuration.

(CVE-2026-8286)

Muhamad Arga Reksapati discovered that curl incorrectly reused

connections for Negotiate-authenticated requests when different services

were involved. A remote attacker could possibly use this issue to access

resources authenticated for another service. This issue only affected

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,

Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-8458)

It was discovered that curl incorrectly handled cookie parsing in

certain circumstances. A remote attacker could possibly use this issue

to set cookies that would be transmi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  curl                            8.18.0-1ubuntu2.2
  libcurl3t64-gnutls              8.18.0-1ubuntu2.2
  libcurl4-gnutls-dev             8.18.0-1ubuntu2.2
  libcurl4-openssl-dev            8.18.0-1ubuntu2.2
  libcurl4t64                     8.18.0-1ubuntu2.2

Ubuntu 25.10
  curl                            8.14.1-2ubuntu1.4
  libcurl3t64-gnutls              8.14.1-2ubuntu1.4
  libcurl4-gnutls-dev             8.14.1-2ubuntu1.4
  libcurl4-openssl-dev            8.14.1-2ubuntu1.4
  libcurl4t64                     8.14.1-2ubuntu1.4

Ubuntu 24.04 LTS
  curl                            8.5.0-2ubuntu10.10
  libcurl3t64-gnutls              8.5.0-2ubuntu10.10
  libcurl4-gnutls-dev             8.5.0-2ubuntu10.10
  libcurl4-openssl-dev            8.5.0-2ubuntu10.10
  libcurl4t64                     8.5.0-2ubuntu10.10

Ubuntu 22.04 LTS
  curl                            7.81.0-1ubuntu1.25
  libcurl3-gnutls                 7.81.0-1ubuntu1.25
  libcurl3-nss                    7.81.0-1ubuntu1.25
  libcurl4                        7.81.0-1ubuntu1.25
  libcurl4-gnutls-dev             7.81.0-1ubuntu1.25
  libcurl4-nss-dev                7.81.0-1ubuntu1.25
  libcurl4-openssl-dev            7.81.0-1ubuntu1.25

Ubuntu 20.04 LTS
  curl                            7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl4                        7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.68.0-1ubuntu2.25+esm4
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  curl                            7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl4                        7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.58.0-2ubuntu3.24+esm9
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  curl                            7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl3                        7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.47.0-1ubuntu2.19+esm16
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  curl                            7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl3                        7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.35.0-1ubuntu2.20+esm20
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8487-1

CVE-2026-8286, CVE-2026-8458, CVE-2026-8924, CVE-2026-8925,

CVE-2026-8926, CVE-2026-8927, CVE-2026-9079, CVE-2026-9080,

CVE-2026-9545, CVE-2026-9547

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8487-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here