Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Ubuntu 26.04 curl Security Advisory USN-8525-1 Critical Risks and Fixes

ubuntu
Calendar Grey July 9, 2026
Dist Ubuntu Esm H88
Multiple security issues resolved in curl for various Ubuntu versions addressing sensitive information exposure and denial of service.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Harry Sintonen discovered that curl incorrectly handled credentials when

following HTTP redirects in conjunction with .netrc files. An attacker

could possibly use this issue to obtain sensitive information. This issue

only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.

(CVE-2024-11053)

Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling

responses. A remote attacker could possibly use this issue to obtain

sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu

18.04 LTS. (CVE-2024-8096)

Joshua Rogers discovered that curl had a use-after-free vulnerability when

resetting and cleaning up HTTP/2 stream handles. An attacker could possibly

use this issue to cause a denial of service or execute arbitrary code. This

issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.

(CVE-2026-10...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  curl                            8.18.0-1ubuntu2.3
  libcurl3t64-gnutls              8.18.0-1ubuntu2.3
  libcurl4-gnutls-dev             8.18.0-1ubuntu2.3
  libcurl4-openssl-dev            8.18.0-1ubuntu2.3
  libcurl4t64                     8.18.0-1ubuntu2.3

Ubuntu 25.10
  curl                            8.14.1-2ubuntu1.5
  libcurl3t64-gnutls              8.14.1-2ubuntu1.5
  libcurl4-gnutls-dev             8.14.1-2ubuntu1.5
  libcurl4-openssl-dev            8.14.1-2ubuntu1.5
  libcurl4t64                     8.14.1-2ubuntu1.5

Ubuntu 24.04 LTS
  curl                            8.5.0-2ubuntu10.11
  libcurl3t64-gnutls              8.5.0-2ubuntu10.11
  libcurl4-gnutls-dev             8.5.0-2ubuntu10.11
  libcurl4-openssl-dev            8.5.0-2ubuntu10.11
  libcurl4t64                     8.5.0-2ubuntu10.11

Ubuntu 20.04 LTS
  curl                            7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl4                        7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.68.0-1ubuntu2.25+esm5
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  curl                            7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl4                        7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.58.0-2ubuntu3.24+esm10
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  curl                            7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl3                        7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.47.0-1ubuntu2.19+esm17
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  curl                            7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl3                        7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl4-gnutls-dev             7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl4-nss-dev                7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro
  libcurl4-openssl-dev            7.35.0-1ubuntu2.20+esm21
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8525-1

CVE-2024-11053, CVE-2024-8096, CVE-2026-10536, CVE-2026-11352,

CVE-2026-11564, CVE-2026-11586, CVE-2026-12064, CVE-2026-5545,

CVE-2026-5773, CVE-2026-7168

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8525-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.