Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in curl.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled credentials when
following HTTP redirects in conjunction with .netrc files. An attacker
could possibly use this issue to obtain sensitive information. This issue
only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
(CVE-2024-11053)
Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling
responses. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2024-8096)
Joshua Rogers discovered that curl had a use-after-free vulnerability when
resetting and cleaning up HTTP/2 stream handles. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2026-10...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
curl 8.18.0-1ubuntu2.3
libcurl3t64-gnutls 8.18.0-1ubuntu2.3
libcurl4-gnutls-dev 8.18.0-1ubuntu2.3
libcurl4-openssl-dev 8.18.0-1ubuntu2.3
libcurl4t64 8.18.0-1ubuntu2.3
Ubuntu 25.10
curl 8.14.1-2ubuntu1.5
libcurl3t64-gnutls 8.14.1-2ubuntu1.5
libcurl4-gnutls-dev 8.14.1-2ubuntu1.5
libcurl4-openssl-dev 8.14.1-2ubuntu1.5
libcurl4t64 8.14.1-2ubuntu1.5
Ubuntu 24.04 LTS
curl 8.5.0-2ubuntu10.11
libcurl3t64-gnutls 8.5.0-2ubuntu10.11
libcurl4-gnutls-dev 8.5.0-2ubuntu10.11
libcurl4-openssl-dev 8.5.0-2ubuntu10.11
libcurl4t64 8.5.0-2ubuntu10.11
Ubuntu 20.04 LTS
curl 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl3-gnutls 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl3-nss 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl4 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl4-gnutls-dev 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl4-nss-dev 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
libcurl4-openssl-dev 7.68.0-1ubuntu2.25+esm5
Available with Ubuntu Pro
Ubuntu 18.04 LTS
curl 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl3-gnutls 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl3-nss 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl4 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl4-gnutls-dev 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl4-nss-dev 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
libcurl4-openssl-dev 7.58.0-2ubuntu3.24+esm10
Available with Ubuntu Pro
Ubuntu 16.04 LTS
curl 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl3 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl3-gnutls 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl3-nss 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl4-gnutls-dev 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl4-nss-dev 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
libcurl4-openssl-dev 7.47.0-1ubuntu2.19+esm17
Available with Ubuntu Pro
Ubuntu 14.04 LTS
curl 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl3 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl3-gnutls 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl3-nss 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl4-gnutls-dev 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl4-nss-dev 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
libcurl4-openssl-dev 7.35.0-1ubuntu2.20+esm21
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8525-1
CVE-2024-11053, CVE-2024-8096, CVE-2026-10536, CVE-2026-11352,
CVE-2026-11564, CVE-2026-11586, CVE-2026-12064, CVE-2026-5545,
CVE-2026-5773, CVE-2026-7168
Get the latest Linux and open source security news straight to your inbox.