Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


openSUSE Curl Important Netrc Credential Leak Advisory SUSE-SU-2026-1717-1

# Security update for curl

* Announcement ID: SUSE-SU-2026:1717-1
* Release Date: 2026-05-06T12:14:02Z
* Rating: important

References:

* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves six vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP5: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1`
* SUSE Linux Enterprise Server 15 SP5: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1 SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1717=1`
* SUSE Linux Enterprise Desktop 15 SP5: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1717=1`
* SUSE Linux Enterprise Micro for Rancher 5.3: `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1`
* SUSE Linux Enterprise Micro 5.3: `zypper in -t patch SUSE-SLE-Micro-5.3-2026-1717=1`
* SUSE Linux Enterprise Micro for Rancher 5.4: `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1717=1`
* SUSE Linux Enterprise Micro 5.4: `zypper in -t patch SUSE-SLE-Micro-5.4-2026-1717=1`
* SUSE Linux Enterprise Micro 5.5: `zypper in -t patch SUSE-SLE-Micro-5.5-2026-1717=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1717=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1717=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1717=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1717=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1717=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1717=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1717=1 SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* openSUSE Leap 15.4: `zypper in -t patch SUSE-2026-1717=1`
* SUSE Linux Enterprise High Performance Computing 15 SP4: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* SUSE Linux Enterprise Server 15 SP4: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* SUSE Manager Server 4.3: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* SUSE Linux Enterprise Desktop 15 SP4: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* SUSE Manager Retail Branch Server 4.3: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`
* SUSE Manager Proxy 4.3: `zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-1717=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Desktop 15 SP5 (x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libcurl-devel-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libcurl-devel-8.14.1-150400.5.83.1
  * curl-mini-debugsource-8.14.1-150400.5.83.1
  * libcurl4-8.14.1-150400.5.83.1
  * curl-debugsource-8.14.1-150400.5.83.1
  * curl-debuginfo-8.14.1-150400.5.83.1
  * libcurl-mini4-debuginfo-8.14.1-150400.5.83.1
  * libcurl-mini4-8.14.1-150400.5.83.1
  * libcurl4-debuginfo-8.14.1-150400.5.83.1
  * curl-8.14.1-150400.5.83.1
* openSUSE Leap 15.4 (noarch)
  * curl-zsh-completion-8.14.1-150400.5.83.1
  * curl-fish-completion-8.14.1-150400.5.83.1
  * libcurl-devel-doc-8.14.1-150400.5.83.1
* openSUSE Leap 15.4 (x86_64)
  * libcurl4-32bit-debuginfo-8.14.1-150400.5.83.1
  * libcurl4-32bit-8.14.1-150400.5.83.1
  * libcurl-devel-32bit-8.14.1-150400.5.83.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libcurl4-64bit-8.14.1-150400.5.83.1
  * libcurl-devel-64bit-8.14.1-150400.5.83.1
  * libcurl4-64bit-debuginfo-8.14.1-150400.5.83.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * libcurl4-8.14.1-150400.5.83.1
* SUSE Manager Proxy 4.3 (x86_64)
  * libcurl4-8.14.1-150400.5.83.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638

A security update for openSUSE curl addressing multiple important vulnerabilities is now available for installation.

Severity: Important.

LinuxSecurity.com Team

May 06, 2026 Important OpenSUSE

SUSE Linux Micro 6.1 Curl Important Connection Issues 2026-21452-1

# Security update for curl

* Announcement ID: SUSE-SU-2026:21452-1
* Release Date: 2026-04-30T14:47:08Z
* Rating: important

References:

* bsc#1259362
* bsc#1262631
* bsc#1262632
* bsc#1262635
* bsc#1262636
* bsc#1262638

Cross-References:

* CVE-2026-1965
* CVE-2026-4873
* CVE-2026-5545
* CVE-2026-6253
* CVE-2026-6276
* CVE-2026-6429

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

Security issues fixed:

* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1: `zypper in -t patch SUSE-SLE-Micro-6.1-517=1`

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * curl-8.14.1-slfo.1.1_7.1
  * libcurl4-8.14.1-slfo.1.1_7.1
  * curl-debugsource-8.14.1-slfo.1.1_7.1
  * libcurl4-debuginfo-8.14.1-slfo.1.1_7.1
  * curl-debuginfo-8.14.1-slfo.1.1_7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-4873.html
* https://www.suse.com/security/cve/CVE-2026-5545.html
* https://www.suse.com/security/cve/CVE-2026-6253.html
* https://www.suse.com/security/cve/CVE-2026-6276.html
* https://www.suse.com/security/cve/CVE-2026-6429.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1262631
* https://bugzilla.suse.com/show_bug.cgi?id=1262632
* https://bugzilla.suse.com/show_bug.cgi?id=1262635
* https://bugzilla.suse.com/show_bug.cgi?id=1262636
* https://bugzilla.suse.com/show_bug.cgi?id=1262638

An update for curl in SUSE addresses six important issues including credential leaks and connection reuse problems.

Severity: Important.

LinuxSecurity.com Team

May 04, 2026 Important SuSE

Rocky Linux 8 RLSA-2023:4523 Moderate: Curl Connection Issues

Moderate: curl security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:4523", "synopsis": "Moderate: curl security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for curl.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: GSS delegation too eager connection re-use (CVE-2023-27536)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2179092", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", "description": ""}, {"ticket": "2196786", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", "description": ""}], "cves": [{"name": "CVE-2023-27536", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-27536", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-305"}, {"name": "CVE-2023-28321", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-28321", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "cvss3BaseScore": "5.9", "cwe": "CWE-295"}], "references": [], "publishedAt": "2023-10-06T23:10:01.903350Z", "rpms": {"Rocky Linux 8": {"nvras": ["curl-0:7.61.1-30.el8_8.3.aarch64.rpm", "curl-0:7.61.1-30.el8_8.3.src.rpm", "curl-debuginfo-0:7.61.1-30.el8_8.3.aarch64.rpm", 
"curl-debugsource-0:7.61.1-30.el8_8.3.aarch64.rpm","libcurl-0:7.61.1-30.el8_8.3.aarch64.rpm", "libcurl-debuginfo-0:7.61.1-30.el8_8.3.aarch64.rpm", "libcurl-devel-0:7.61.1-30.el8_8.3.aarch64.rpm", "libcurl-minimal-0:7.61.1-30.el8_8.3.aarch64.rpm", "libcurl-minimal-debuginfo-0:7.61.1-30.el8_8.3.aarch64.rpm", "curl-0:7.61.1-30.el8_8.3.x86_64.rpm", "curl-debuginfo-0:7.61.1-30.el8_8.3.i686.rpm", "curl-debuginfo-0:7.61.1-30.el8_8.3.x86_64.rpm", "curl-debugsource-0:7.61.1-30.el8_8.3.i686.rpm", "curl-debugsource-0:7.61.1-30.el8_8.3.x86_64.rpm", "libcurl-0:7.61.1-30.el8_8.3.i686.rpm", "libcurl-0:7.61.1-30.el8_8.3.x86_64.rpm", "libcurl-debuginfo-0:7.61.1-30.el8_8.3.i686.rpm", "libcurl-debuginfo-0:7.61.1-30.el8_8.3.x86_64.rpm", "libcurl-devel-0:7.61.1-30.el8_8.3.i686.rpm", "libcurl-devel-0:7.61.1-30.el8_8.3.x86_64.rpm", "libcurl-minimal-0:7.61.1-30.el8_8.3.i686.rpm", "libcurl-minimal-0:7.61.1-30.el8_8.3.x86_64.rpm", "libcurl-minimal-debuginfo-0:7.61.1-30.el8_8.3.i686.rpm", "libcurl-minimal-debuginfo-0:7.61.1-30.el8_8.3.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A moderate vulnerability in Curl has been patched for Rocky Linux 8. It's advisable to update your system to bolster its security.. Curl Security Fix, Rocky Linux Update, Certificate Validation Issues. . LinuxSecurity.com Team

Oct 06, 2023 Rocky Linux

Oracle Linux 8 ELSA-2023-4523 Moderate: Curl Connection Fixes

Oracle Linux Security Advisory ELSA-2023-4523

https://linux.oracle.com/errata/ELSA-2023-4523.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:

* curl-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-7.61.1-30.el8_8.3.i686.rpm
* libcurl-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-devel-7.61.1-30.el8_8.3.i686.rpm
* libcurl-devel-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.i686.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.x86_64.rpm

aarch64:

* curl-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-devel-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.aarch64.rpm

SRPMS:

* https://oss.oracle.com:443/ol8/SRPMS-updates//curl-7.61.1-30.el8_8.3.src.rpm

Related CVEs:

* CVE-2023-27536
* CVE-2023-28321

Description of changes:

[7.61.1-30.el8_8.3]

* GSS delegation too eager connection re-use (CVE-2023-27536)
* fix host name wildcard checking (CVE-2023-28321)
* rebuild certs with 2048-bit RSA keys

Oracle Linux Security Notice ELSA-2023-4592: Critical updates for curl resolving vulnerabilities in connection revisions and wildcard validation.

Severity: Important.

LinuxSecurity.com Team

Aug 10, 2023 Important Oracle

Red Hat Enterprise Linux 8 RHSA-2023-4523-01 Moderate: Curl Security Update

Red Hat Security Advisory

* Synopsis: Moderate: curl security update
* Advisory ID: RHSA-2023:4523-01
* Product: Red Hat Enterprise Linux
* Advisory URL: https://access.redhat.com/errata/RHSA-2023:4523
* Issue date: 2023-08-08
* CVE Names: CVE-2023-27536 CVE-2023-28321

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: GSS delegation too eager connection re-use (CVE-2023-27536)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

* 2179092 - CVE-2023-27536 curl: GSS delegation too eager connection re-use
* 2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Cerificate Validation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:

* curl-7.61.1-30.el8_8.3.src.rpm

aarch64:

* curl-7.61.1-30.el8_8.3.aarch64.rpm
* curl-debuginfo-7.61.1-30.el8_8.3.aarch64.rpm
* curl-debugsource-7.61.1-30.el8_8.3.aarch64.rpm
* curl-minimal-debuginfo-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-debuginfo-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-devel-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.aarch64.rpm
* libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.aarch64.rpm

ppc64le:

* curl-7.61.1-30.el8_8.3.ppc64le.rpm
* curl-debuginfo-7.61.1-30.el8_8.3.ppc64le.rpm
* curl-debugsource-7.61.1-30.el8_8.3.ppc64le.rpm
* curl-minimal-debuginfo-7.61.1-30.el8_8.3.ppc64le.rpm
* libcurl-7.61.1-30.el8_8.3.ppc64le.rpm
* libcurl-debuginfo-7.61.1-30.el8_8.3.ppc64le.rpm
* libcurl-devel-7.61.1-30.el8_8.3.ppc64le.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.ppc64le.rpm
* libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.ppc64le.rpm

s390x:

* curl-7.61.1-30.el8_8.3.s390x.rpm
* curl-debuginfo-7.61.1-30.el8_8.3.s390x.rpm
* curl-debugsource-7.61.1-30.el8_8.3.s390x.rpm
* curl-minimal-debuginfo-7.61.1-30.el8_8.3.s390x.rpm
* libcurl-7.61.1-30.el8_8.3.s390x.rpm
* libcurl-debuginfo-7.61.1-30.el8_8.3.s390x.rpm
* libcurl-devel-7.61.1-30.el8_8.3.s390x.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.s390x.rpm
* libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.s390x.rpm

x86_64:

* curl-7.61.1-30.el8_8.3.x86_64.rpm
* curl-debuginfo-7.61.1-30.el8_8.3.i686.rpm
* curl-debuginfo-7.61.1-30.el8_8.3.x86_64.rpm
* curl-debugsource-7.61.1-30.el8_8.3.i686.rpm
* curl-debugsource-7.61.1-30.el8_8.3.x86_64.rpm
* curl-minimal-debuginfo-7.61.1-30.el8_8.3.i686.rpm
* curl-minimal-debuginfo-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-7.61.1-30.el8_8.3.i686.rpm
* libcurl-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-debuginfo-7.61.1-30.el8_8.3.i686.rpm
* libcurl-debuginfo-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-devel-7.61.1-30.el8_8.3.i686.rpm
* libcurl-devel-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.i686.rpm
* libcurl-minimal-7.61.1-30.el8_8.3.x86_64.rpm
* libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.i686.rpm
* libcurl-minimal-debuginfo-7.61.1-30.el8_8.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

* https://access.redhat.com/security/cve/CVE-2023-27536
* https://access.redhat.com/security/cve/CVE-2023-28321
* https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

A security patch for wget on CentOS 8 classified as Moderate. This includes information on the threat level and solutions for identified vulnerabilities.

LinuxSecurity.com Team

Aug 08, 2023 Red Hat

Red Hat Enterprise Linux 9: RHSA-2023-2650 Moderate: Curl FTP Risk

Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2023:2650-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2650
Issue date: 2023-05-09
CVE Names: CVE-2023-27535

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: FTP too eager connection reuse (CVE-2023-27535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179073 - CVE-2023-27535 curl: FTP too eager connection reuse

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
curl-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
curl-debugsource-7.76.1-23.el9_2.1.aarch64.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-devel-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm

ppc64le:
curl-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
curl-debugsource-7.76.1-23.el9_2.1.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-devel-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm

s390x:
curl-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
curl-debugsource-7.76.1-23.el9_2.1.s390x.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
libcurl-devel-7.76.1-23.el9_2.1.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.s390x.rpm

x86_64:
curl-debuginfo-7.76.1-23.el9_2.1.i686.rpm
curl-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
curl-debugsource-7.76.1-23.el9_2.1.i686.rpm
curl-debugsource-7.76.1-23.el9_2.1.x86_64.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.i686.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.i686.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-devel-7.76.1-23.el9_2.1.i686.rpm
libcurl-devel-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.i686.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
curl-7.76.1-23.el9_2.1.src.rpm

aarch64:
curl-7.76.1-23.el9_2.1.aarch64.rpm
curl-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
curl-debugsource-7.76.1-23.el9_2.1.aarch64.rpm
curl-minimal-7.76.1-23.el9_2.1.aarch64.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-minimal-7.76.1-23.el9_2.1.aarch64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.aarch64.rpm

ppc64le:
curl-7.76.1-23.el9_2.1.ppc64le.rpm
curl-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
curl-debugsource-7.76.1-23.el9_2.1.ppc64le.rpm
curl-minimal-7.76.1-23.el9_2.1.ppc64le.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-minimal-7.76.1-23.el9_2.1.ppc64le.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.ppc64le.rpm

s390x:
curl-7.76.1-23.el9_2.1.s390x.rpm
curl-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
curl-debugsource-7.76.1-23.el9_2.1.s390x.rpm
curl-minimal-7.76.1-23.el9_2.1.s390x.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
libcurl-7.76.1-23.el9_2.1.s390x.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.s390x.rpm
libcurl-minimal-7.76.1-23.el9_2.1.s390x.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.s390x.rpm

x86_64:
curl-7.76.1-23.el9_2.1.x86_64.rpm
curl-debuginfo-7.76.1-23.el9_2.1.i686.rpm
curl-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
curl-debugsource-7.76.1-23.el9_2.1.i686.rpm
curl-debugsource-7.76.1-23.el9_2.1.x86_64.rpm
curl-minimal-7.76.1-23.el9_2.1.x86_64.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.i686.rpm
curl-minimal-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-7.76.1-23.el9_2.1.i686.rpm
libcurl-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.i686.rpm
libcurl-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-minimal-7.76.1-23.el9_2.1.i686.rpm
libcurl-minimal-7.76.1-23.el9_2.1.x86_64.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.i686.rpm
libcurl-minimal-debuginfo-7.76.1-23.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Critical OpenSSL vulnerability address for CentOS Stream 9 resolves DNS query flaw, requires immediate attention. curl update, Red Hat, FTP security issue, Linux patch. LinuxSecurity.com Team

May 09, 2023 Red Hat

Oracle Linux 8 ELSA-2022-5313 Moderate: Curl Security Fixes

Oracle Linux Security Advisory ELSA-2022-5313

https://linux.oracle.com/errata/ELSA-2022-5313.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.61.1-22.el8_6.3.x86_64.rpm
libcurl-7.61.1-22.el8_6.3.i686.rpm
libcurl-7.61.1-22.el8_6.3.x86_64.rpm
libcurl-devel-7.61.1-22.el8_6.3.i686.rpm
libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm
libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm
libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm

aarch64:
curl-7.61.1-22.el8_6.3.aarch64.rpm
libcurl-7.61.1-22.el8_6.3.aarch64.rpm
libcurl-devel-7.61.1-22.el8_6.3.aarch64.rpm
libcurl-minimal-7.61.1-22.el8_6.3.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/curl-7.61.1-22.el8_6.3.src.rpm

Related CVEs:

CVE-2022-22576
CVE-2022-27774
CVE-2022-27776
CVE-2022-27782

Description of changes:

[7.61.1-22.el8_6.3]
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

[7.61.1-22.el8_6.2]
- fix invalid type in printf() argument detected by Coverity

[7.61.1-22.el8_6.1]
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Red Hat Enterprise Linux releases ELSA-2022-5432 addressing important patches for openssl flaws, promoting improved safety. Oracle Linux, Curl Update, Security Advisory, Moderate Severity. Severity: Important. LinuxSecurity.com Team

Jul 01, 2022 Important Oracle

Fedora 35: FEDORA-2022-3d8f00cde2 Critical: curl Connection Reuse Issues

Fedora Update Notification
FEDORA-2022-3d8f00cde2
2022-05-18 01:10:53.154416

Name        : curl
Product     : Fedora 35
Version     : 7.79.1
Release     : 4.fc35
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

Update Information:

- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
----
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

ChangeLog:

* Wed May 11 2022 Kamil Dudka - 7.79.1-4
- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
* Mon May 2 2022 Kamil Dudka - 7.79.1-3
- fix leak of SRP credentials in redirects (CVE-2022-27774)
* Thu Apr 28 2022 Kamil Dudka - 7.79.1-2
- fix credential leak on redirect (CVE-2022-27774)
- fix auth/cookie leak on redirect (CVE-2022-27776)
- fix bad local IPv6 connection reuse (CVE-2022-27775)
- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

References:

[ 1 ] Bug #2079167 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2079167
[ 2 ] Bug #2079169 - CVE-2022-27774 curl: credential leak on redirect [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2079169
[ 3 ] Bug #2079171 - CVE-2022-27775 curl: bad local IPv6 connection reuse [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2079171
[ 4 ] Bug #2079174 - CVE-2022-27776 curl: auth/cookie leak on redirect [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2079174
[ 5 ] Bug #2083980 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2083980

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3d8f00cde2' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

The latest curl update in Fedora resolves various vulnerabilities related to connection management and potential credential exposure. curl Security Update, Fedora curl Fixes, TLS Connection Reuse, Credential Leak Mitigation. Severity: Critical. LinuxSecurity.com Team

May 17, 2022 Critical Fedora
