Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 897 articles for you...
202

openSUSE Curl Important Security Fixes Advisory 2026-3043-1

An update that solves 10 vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:3043-1 Release Date: 2026-07-15T11:51:45Z Rating: important References: * bsc#1268402 * bsc#1268407 * bsc#1268409 * bsc#1268413 * bsc#1268415 * bsc#1268416 * bsc#1268417 * bsc#1268420 * bsc#1268422 * bsc#1268427 Cross-References: * CVE-2026-10536 * CVE-2026-12064 * CVE-2026-8286 * CVE-2026-8458 * CVE-2026-8924 * CVE-2026-8927 * CVE-2026-9079 * CVE-2026-9080 * CVE-2026-9545 * CVE-2026-9547 CVSS scores: * CVE-2026-10536 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12064 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8286 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8458 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8924 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8927 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9079 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9080 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-9545 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9547 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE LinuxEnterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues * CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402). * CVE-2026-8458: wrong reuse for different services (bsc#1268407). * CVE-2026-8924: traling dot domain super cookie (bsc#1268409). * CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413). * CVE-2026-9079: stale proxy password leak (bsc#1268415). * CVE-2026-9080: UAF after pause in socket callback (bsc#1268416). * CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417). * CVE-2026-9547: SSH improper host validation (bsc#1268420). * CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422). * CVE-2026-12064: proto-default skips SSH verification (bsc#1268427). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3043=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-3043=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-3043=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1 SUSE-SLE-Product- SLES_SAP-15-SP5-2026-3043=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-3043=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3043=1 *SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3043=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3043=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-3043=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3043=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3043=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 SUSE-SLE-Product- SLES_SAP-15-SP4-2026-3043=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2026-3043=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-3043=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-3043=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-3043=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390xx86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * curl-mini-debugsource-8.14.1-150400.5.86.1 * libcurl-mini4-8.14.1-150400.5.86.1 * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-mini4-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * openSUSE Leap 15.4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-32bit-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * openSUSE Leap 15.4 (noarch) * curl-zsh-completion-8.14.1-150400.5.86.1 * libcurl-devel-doc-8.14.1-150400.5.86.1 * curl-fish-completion-8.14.1-150400.5.86.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcurl4-64bit-8.14.1-150400.5.86.1 * libcurl-devel-64bit-8.14.1-150400.5.86.1 * libcurl4-64bit-debuginfo-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5(ppc64le x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) *libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * curl-debuginfo-8.14.1-150400.5.86.1 * libcurl-devel-8.14.1-150400.5.86.1 * libcurl4-debuginfo-8.14.1-150400.5.86.1 * curl-debugsource-8.14.1-150400.5.86.1 * curl-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150400.5.86.1 * libcurl4-32bit-8.14.1-150400.5.86.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390xx86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libcurl4-8.14.1-150400.5.86.1 * SUSE Manager Proxy 4.3 (x86_64) * libcurl4-8.14.1-150400.5.86.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10536.html * https://www.suse.com/security/cve/CVE-2026-12064.html * https://www.suse.com/security/cve/CVE-2026-8286.html * https://www.suse.com/security/cve/CVE-2026-8458.html * https://www.suse.com/security/cve/CVE-2026-8924.html * https://www.suse.com/security/cve/CVE-2026-8927.html * https://www.suse.com/security/cve/CVE-2026-9079.html * https://www.suse.com/security/cve/CVE-2026-9080.html * https://www.suse.com/security/cve/CVE-2026-9545.html * https://www.suse.com/security/cve/CVE-2026-9547.html * https://bugzilla.suse.com/show_bug.cgi?id=1268402 * https://bugzilla.suse.com/show_bug.cgi?id=1268407 * https://bugzilla.suse.com/show_bug.cgi?id=1268409 * https://bugzilla.suse.com/show_bug.cgi?id=1268413 * https://bugzilla.suse.com/show_bug.cgi?id=1268415 * https://bugzilla.suse.com/show_bug.cgi?id=1268416 * https://bugzilla.suse.com/show_bug.cgi?id=1268417 * https://bugzilla.suse.com/show_bug.cgi?id=1268420 * https://bugzilla.suse.com/show_bug.cgi?id=1268422 * https://bugzilla.suse.com/show_bug.cgi?id=1268427 . Resolve 10 important vulnerabilities in curl with the latest update for openSUSE, enhancing system security now.. openSUSE curl security update vulnerabilities important. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Important OpenSUSE
202

openSUSE Curl Important Threat Exploit Resolution 2026-2926-1

An update that solves 10 vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:2926-1 Release Date: 2026-07-13T17:55:14Z Rating: important References: * bsc#1268402 * bsc#1268407 * bsc#1268409 * bsc#1268413 * bsc#1268415 * bsc#1268416 * bsc#1268417 * bsc#1268420 * bsc#1268422 * bsc#1268427 Cross-References: * CVE-2026-10536 * CVE-2026-12064 * CVE-2026-8286 * CVE-2026-8458 * CVE-2026-8924 * CVE-2026-8927 * CVE-2026-9079 * CVE-2026-9080 * CVE-2026-9545 * CVE-2026-9547 CVSS scores: * CVE-2026-10536 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12064 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8286 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8458 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8924 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8927 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9079 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9080 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-9545 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9547 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues * CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402). * CVE-2026-8458: wrong reuse for different services (bsc#1268407). * CVE-2026-8924: traling dot domain super cookie (bsc#1268409). * CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413). * CVE-2026-9079: stale proxy password leak (bsc#1268415). * CVE-2026-9080: UAF after pause in socket callback (bsc#1268416). * CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417). * CVE-2026-9547: SSH improper host validation (bsc#1268420). * CVE-2026-10536: HTTP/2stream-dependency tree UAF (bsc#1268422). * CVE-2026-12064: proto-default skips SSH verification (bsc#1268427). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2926=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2926=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2926=1 ## Package List: * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * curl-mini-debugsource-8.14.1-150600.4.46.1 * libcurl4-8.14.1-150600.4.46.1 * libcurl-mini4-8.14.1-150600.4.46.1 * curl-8.14.1-150600.4.46.1 * libcurl4-debuginfo-8.14.1-150600.4.46.1 * libcurl-mini4-debuginfo-8.14.1-150600.4.46.1 * curl-debugsource-8.14.1-150600.4.46.1 * curl-debuginfo-8.14.1-150600.4.46.1 * libcurl-devel-8.14.1-150600.4.46.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libcurl-devel-64bit-8.14.1-150600.4.46.1 * libcurl4-64bit-8.14.1-150600.4.46.1 * libcurl4-64bit-debuginfo-8.14.1-150600.4.46.1 * openSUSE Leap 15.6 (x86_64) * libcurl4-32bit-8.14.1-150600.4.46.1 * libcurl-devel-32bit-8.14.1-150600.4.46.1 * libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1 * openSUSE Leap 15.6 (noarch) * curl-zsh-completion-8.14.1-150600.4.46.1 * libcurl-devel-doc-8.14.1-150600.4.46.1 * curl-fish-completion-8.14.1-150600.4.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-150600.4.46.1 * curl-8.14.1-150600.4.46.1 * libcurl4-debuginfo-8.14.1-150600.4.46.1 * curl-debugsource-8.14.1-150600.4.46.1 * libcurl-devel-8.14.1-150600.4.46.1 * curl-debuginfo-8.14.1-150600.4.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libcurl4-32bit-8.14.1-150600.4.46.1 *libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libcurl4-8.14.1-150600.4.46.1 * curl-8.14.1-150600.4.46.1 * libcurl4-debuginfo-8.14.1-150600.4.46.1 * curl-debugsource-8.14.1-150600.4.46.1 * curl-debuginfo-8.14.1-150600.4.46.1 * libcurl-devel-8.14.1-150600.4.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1 * libcurl4-32bit-8.14.1-150600.4.46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10536.html * https://www.suse.com/security/cve/CVE-2026-12064.html * https://www.suse.com/security/cve/CVE-2026-8286.html * https://www.suse.com/security/cve/CVE-2026-8458.html * https://www.suse.com/security/cve/CVE-2026-8924.html * https://www.suse.com/security/cve/CVE-2026-8927.html * https://www.suse.com/security/cve/CVE-2026-9079.html * https://www.suse.com/security/cve/CVE-2026-9080.html * https://www.suse.com/security/cve/CVE-2026-9545.html * https://www.suse.com/security/cve/CVE-2026-9547.html * https://bugzilla.suse.com/show_bug.cgi?id=1268402 * https://bugzilla.suse.com/show_bug.cgi?id=1268407 * https://bugzilla.suse.com/show_bug.cgi?id=1268409 * https://bugzilla.suse.com/show_bug.cgi?id=1268413 * https://bugzilla.suse.com/show_bug.cgi?id=1268415 * https://bugzilla.suse.com/show_bug.cgi?id=1268416 * https://bugzilla.suse.com/show_bug.cgi?id=1268417 * https://bugzilla.suse.com/show_bug.cgi?id=1268420 * https://bugzilla.suse.com/show_bug.cgi?id=1268422 * https://bugzilla.suse.com/show_bug.cgi?id=1268427 . This important advisory for openSUSE provides installation instructions for curl addressing 10 critical leaks and exploits.. openSUSE curl update security fixes exploits. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Important OpenSUSE
100

SUSE Linux Micro Curl Important Security Issues Resolved 2026-22553-1

An update that solves 10 vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:22553-1 Release Date: 2026-07-08T13:45:27Z Rating: important References: * bsc#1268402 * bsc#1268407 * bsc#1268409 * bsc#1268413 * bsc#1268415 * bsc#1268416 * bsc#1268417 * bsc#1268420 * bsc#1268422 * bsc#1268427 Cross-References: * CVE-2026-10536 * CVE-2026-12064 * CVE-2026-8286 * CVE-2026-8458 * CVE-2026-8924 * CVE-2026-8927 * CVE-2026-9079 * CVE-2026-9080 * CVE-2026-9545 * CVE-2026-9547 CVSS scores: * CVE-2026-10536 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12064 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8286 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8458 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8924 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8927 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9079 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9080 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-9545 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9547 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues * CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402). * CVE-2026-8458: wrong reuse for different services (bsc#1268407). * CVE-2026-8924: traling dot domain super cookie (bsc#1268409). * CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413). * CVE-2026-9079: stale proxy password leak (bsc#1268415). * CVE-2026-9080: UAF after pause in socket callback (bsc#1268416). * CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417). * CVE-2026-9547: SSH improper host validation (bsc#1268420). * CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422). * CVE-2026-12064: proto-default skips SSH verification (bsc#1268427). ## Patch Instructions: To install thisSUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1187=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-160000.8.1 * curl-debuginfo-8.14.1-160000.8.1 * curl-debugsource-8.14.1-160000.8.1 * curl-8.14.1-160000.8.1 * libcurl4-debuginfo-8.14.1-160000.8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10536.html * https://www.suse.com/security/cve/CVE-2026-12064.html * https://www.suse.com/security/cve/CVE-2026-8286.html * https://www.suse.com/security/cve/CVE-2026-8458.html * https://www.suse.com/security/cve/CVE-2026-8924.html * https://www.suse.com/security/cve/CVE-2026-8927.html * https://www.suse.com/security/cve/CVE-2026-9079.html * https://www.suse.com/security/cve/CVE-2026-9080.html * https://www.suse.com/security/cve/CVE-2026-9545.html * https://www.suse.com/security/cve/CVE-2026-9547.html * https://bugzilla.suse.com/show_bug.cgi?id=1268402 * https://bugzilla.suse.com/show_bug.cgi?id=1268407 * https://bugzilla.suse.com/show_bug.cgi?id=1268409 * https://bugzilla.suse.com/show_bug.cgi?id=1268413 * https://bugzilla.suse.com/show_bug.cgi?id=1268415 * https://bugzilla.suse.com/show_bug.cgi?id=1268416 * https://bugzilla.suse.com/show_bug.cgi?id=1268417 * https://bugzilla.suse.com/show_bug.cgi?id=1268420 * https://bugzilla.suse.com/show_bug.cgi?id=1268422 * https://bugzilla.suse.com/show_bug.cgi?id=1268427 . A security update for curl addresses 10 vulnerabilities, enhancing protection for SUSE users and supporting prompt installations.. SUSE update,curl security,important patch,curl vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important SuSE
172

Ubuntu 26.04 curl Security Advisory USN-8525-1 Critical Risks and Fixes

Several security issues were fixed in curl.. ========================================================================== Ubuntu Security Notice USN-8525-1 July 09, 2026 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2024-11053) Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling responses. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-8096) Joshua Rogers discovered that curl had a use-after-free vulnerability when resetting and cleaning up HTTP/2 stream handles. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2026-10536) Quac Tran and Ngoc Hieu discovered that curl incorrectly reused connections when switching authentication methods to the same host. An attacker could possibly use this issue to obtain sensitive information or perform unauthorized actions. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-5545) Osama Hamad discovered that curl incorrectly reused SMB connections when the target share differed between transfers. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu20.04 LTS. (CVE-2026-5773) Muhamad Arga Reksapati discovered that curl incorrectly forwarded Digest proxy authentication credentials to a different proxy host. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-7168) It was discovered that curl incorrectly skipped SSH host verification options when using schemeless URLs with --proto-default. An attacker could possibly use this issue to perform machine-in-the-middle attacks. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-12064) It was discovered that curl did not enforce an upper bound on memory allocated for unacknowledged WebSocket PING frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11586) It was discovered that curl could stall indefinitely when a malicious HTTP/3 server sent a continuous stream of empty UDP datagrams. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11352) It was discovered that curl could incorrectly continue trusting a native platform CA store after an application switched the handle to use custom CA material. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10. (CVE-2026-11564) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS curl 8.18.0-1ubuntu2.3 libcurl3t64-gnutls 8.18.0-1ubuntu2.3 libcurl4-gnutls-dev 8.18.0-1ubuntu2.3 libcurl4-openssl-dev 8.18.0-1ubuntu2.3 libcurl4t64 8.18.0-1ubuntu2.3 Ubuntu 25.10 curl 8.14.1-2ubuntu1.5 libcurl3t64-gnutls 8.14.1-2ubuntu1.5 libcurl4-gnutls-dev 8.14.1-2ubuntu1.5 libcurl4-openssl-dev 8.14.1-2ubuntu1.5 libcurl4t64 8.14.1-2ubuntu1.5 Ubuntu 24.04 LTS curl 8.5.0-2ubuntu10.11 libcurl3t64-gnutls 8.5.0-2ubuntu10.11 libcurl4-gnutls-dev 8.5.0-2ubuntu10.11 libcurl4-openssl-dev 8.5.0-2ubuntu10.11 libcurl4t64 8.5.0-2ubuntu10.11 Ubuntu 20.04 LTS curl 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-gnutls 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-nss 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-gnutls-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-nss-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-openssl-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS curl 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-gnutls 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-nss 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-gnutls-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-nss-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-openssl-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro Ubuntu 16.04 LTS curl 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-gnutls 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-nss 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-gnutls-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-nss-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-openssl-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro Ubuntu 14.04 LTS curl 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-gnutls 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-nss 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-gnutls-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-nss-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-openssl-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8525-1 CVE-2024-11053, CVE-2024-8096, CVE-2026-10536, CVE-2026-11352, CVE-2026-11564, CVE-2026-11586, CVE-2026-12064, CVE-2026-5545, CVE-2026-5773, CVE-2026-7168 Package Information: https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.5 https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.11 . Multiple security issues resolved in curl for various Ubuntu versions addressing sensitive information exposure and denial of service.. Ubuntu Security, curl Update, HTTP Client Issues, Open Source Vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 09, 2026 Important Ubuntu
203

Mageia 10 Curl Important CPU Usage Fix Advisory 2026-0040

Security update. Publication date: 07 Jul 2026 URL: https://advisories.mageia.org/MGAA-2026-0040.html Type: bugfix Affected Mageia releases: 10 Description: nheko was permanently using 100% of the CPU, which was caused by an issue with curl. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=35732 - https://github.com/Nheko-Reborn/nheko/issues/2054 SRPMS: - 10/core/curl-8.21.0-1.mga10 . Critical security fix for curl in Mageia 10 addressing CPU usage issue impacting performance, please update immediately.. curl security fix, mageia bug report, CPU usage issue, mageia curl update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 07, 2026 Important Mageia
172

Ubuntu curl Important Security Issues Denial of Service USN-8487-1

Several security issues were fixed in curl.. ========================================================================== Ubuntu Security Notice USN-8487-1 June 30, 2026 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. (CVE-2026-8286) Muhamad Arga Reksapati discovered that curl incorrectly reused connections for Negotiate-authenticated requests when different services were involved. A remote attacker could possibly use this issue to access resources authenticated for another service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-8458) It was discovered that curl incorrectly handled cookie parsing in certain circumstances. A remote attacker could possibly use this issue to set cookies that would be transmitted to unrelated third-party domains. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-8924) Joshua Rogers discovered that curl could double-free a GSASL context when handling SASL authentication. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-8925) Joshua Rogersdiscovered that curl could select the wrong password from a .netrc file when a username was specified in the URL without a password. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-8926) Ady Elouej discovered that curl did not clear proxy authentication state between requests when reusing a handle with environment-variable proxy configuration. A remote attacker could possibly use this issue to obtain sensitive credentials. (CVE-2026-8927) Guannan Wang, Zhanpeng Liu, Jiashuo Liang, and Guancheng Li discovered that curl did not properly clear proxy authentication credentials when instructed to do so. A remote attacker could possibly use this issue to obtain sensitive credentials. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-9079) Joshua Rogers discovered that curl contained a use-after-free when curl_easy_pause() was called within the event-based socket callback. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-9080) Eunsoo Kim discovered that curl could send early data on a resumed TLS session before enforcing certificate verification failure. A machine-in-the-middle attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-9545) Joshua Rogers discovered that curl did not properly reject host key type mismatches when using the SSH key callback for SCP and SFTP transfers. A machine-in-the-middle attacker could possibly use this issue to impersonate a trusted server. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-9547) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS curl 8.18.0-1ubuntu2.2 libcurl3t64-gnutls 8.18.0-1ubuntu2.2 libcurl4-gnutls-dev 8.18.0-1ubuntu2.2 libcurl4-openssl-dev 8.18.0-1ubuntu2.2 libcurl4t64 8.18.0-1ubuntu2.2 Ubuntu 25.10 curl 8.14.1-2ubuntu1.4 libcurl3t64-gnutls 8.14.1-2ubuntu1.4 libcurl4-gnutls-dev 8.14.1-2ubuntu1.4 libcurl4-openssl-dev 8.14.1-2ubuntu1.4 libcurl4t64 8.14.1-2ubuntu1.4 Ubuntu 24.04 LTS curl 8.5.0-2ubuntu10.10 libcurl3t64-gnutls 8.5.0-2ubuntu10.10 libcurl4-gnutls-dev 8.5.0-2ubuntu10.10 libcurl4-openssl-dev 8.5.0-2ubuntu10.10 libcurl4t64 8.5.0-2ubuntu10.10 Ubuntu 22.04 LTS curl 7.81.0-1ubuntu1.25 libcurl3-gnutls 7.81.0-1ubuntu1.25 libcurl3-nss 7.81.0-1ubuntu1.25 libcurl4 7.81.0-1ubuntu1.25 libcurl4-gnutls-dev 7.81.0-1ubuntu1.25 libcurl4-nss-dev 7.81.0-1ubuntu1.25 libcurl4-openssl-dev 7.81.0-1ubuntu1.25 Ubuntu 20.04 LTS curl 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl3-gnutls 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl3-nss 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl4 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl4-gnutls-dev 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl4-nss-dev 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro libcurl4-openssl-dev 7.68.0-1ubuntu2.25+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS curl 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl3-gnutls 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl3-nss 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl4 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl4-gnutls-dev 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl4-nss-dev 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro libcurl4-openssl-dev 7.58.0-2ubuntu3.24+esm9 Available with Ubuntu Pro Ubuntu 16.04 LTS curl 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl3 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl3-gnutls 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl3-nss 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl4-gnutls-dev 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl4-nss-dev 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro libcurl4-openssl-dev 7.47.0-1ubuntu2.19+esm16 Available with Ubuntu Pro Ubuntu 14.04 LTS curl 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl3 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl3-gnutls 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl3-nss 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl4-gnutls-dev 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl4-nss-dev 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro libcurl4-openssl-dev 7.35.0-1ubuntu2.20+esm20 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8487-1 CVE-2026-8286, CVE-2026-8458, CVE-2026-8924, CVE-2026-8925, CVE-2026-8926, CVE-2026-8927, CVE-2026-9079, CVE-2026-9080, CVE-2026-9545, CVE-2026-9547 Package Information: https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.4 https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.10 https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.25 . Multiple security issues were addressed in curl for various Ubuntu releases to enhance system integrity and security.. curl security update, ubuntu package update, system vulnerability fix, TLS configuration issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important Ubuntu
100

SUSE Curl Moderate Connection Reuse Credential Leak Vuln 2026-2703-1

An update that solves six vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:2703-1 Release Date: 2026-06-30T10:27:51Z Rating: moderate References: * bsc#1262631 * bsc#1262632 * bsc#1262633 * bsc#1262635 * bsc#1262636 * bsc#1262638 Cross-References: * CVE-2026-4873 * CVE-2026-5545 * CVE-2026-5773 * CVE-2026-6253 * CVE-2026-6276 * CVE-2026-6429 CVSS scores: * CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-4873 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-5545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-5545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-5773 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-5773 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-5773 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-5773 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6253 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6276 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6276 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6429 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues * CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). * CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). * CVE-2026-5773: wrong reuse of SMB connection (bsc#1262633). * CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). * CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). * CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2703=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * curl-debugsource-8.0.1-11.123.1 * libcurl4-8.0.1-11.123.1 * libcurl4-debuginfo-32bit-8.0.1-11.123.1 * libcurl4-32bit-8.0.1-11.123.1 * curl-debuginfo-8.0.1-11.123.1 * curl-8.0.1-11.123.1 * libcurl4-debuginfo-8.0.1-11.123.1 * libcurl-devel-8.0.1-11.123.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4873.html * https://www.suse.com/security/cve/CVE-2026-5545.html * https://www.suse.com/security/cve/CVE-2026-5773.html * https://www.suse.com/security/cve/CVE-2026-6253.html * https://www.suse.com/security/cve/CVE-2026-6276.html *https://www.suse.com/security/cve/CVE-2026-6429.html * https://bugzilla.suse.com/show_bug.cgi?id=1262631 * https://bugzilla.suse.com/show_bug.cgi?id=1262632 * https://bugzilla.suse.com/show_bug.cgi?id=1262633 * https://bugzilla.suse.com/show_bug.cgi?id=1262635 * https://bugzilla.suse.com/show_bug.cgi?id=1262636 * https://bugzilla.suse.com/show_bug.cgi?id=1262638 . Install the latest SUSE security update for curl addressing six vulnerabilities and enhancing system security.. SUSE curl security update, curl vulnerabilities fix, SUSE patch instructions. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 moderate SuSE
100

SUSE Curl Moderate Credential Leak Fix SUSE-SU-2026-22156-1

An update that solves five vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:22156-1 Release Date: 2026-06-17T08:47:34Z Rating: moderate References: * bsc#1262631 * bsc#1262632 * bsc#1262635 * bsc#1262636 * bsc#1262638 Cross-References: * CVE-2026-4873 * CVE-2026-5545 * CVE-2026-6253 * CVE-2026-6276 * CVE-2026-6429 CVSS scores: * CVE-2026-4873 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-4873 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-4873 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-5545 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-5545 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-5545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-5545 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-6253 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6253 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6253 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6276 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6276 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-6276 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6276 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6429 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-6429 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-6429 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five vulnerabilities can now be installed. ##Description: This update for curl fixes the following issues: * CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). * CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). * CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). * CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). * CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-938=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-938=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libcurl-mini4-8.14.1-160000.6.1 * curl-debugsource-8.14.1-160000.6.1 * libcurl-mini4-debuginfo-8.14.1-160000.6.1 * libcurl4-8.14.1-160000.6.1 * curl-mini-debugsource-8.14.1-160000.6.1 * libcurl4-debuginfo-8.14.1-160000.6.1 * libcurl-devel-8.14.1-160000.6.1 * curl-debuginfo-8.14.1-160000.6.1 * curl-8.14.1-160000.6.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * curl-zsh-completion-8.14.1-160000.6.1 * libcurl-devel-doc-8.14.1-160000.6.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libcurl-mini4-8.14.1-160000.6.1 * curl-debugsource-8.14.1-160000.6.1 * libcurl-mini4-debuginfo-8.14.1-160000.6.1 * libcurl4-8.14.1-160000.6.1 * curl-mini-debugsource-8.14.1-160000.6.1 * libcurl4-debuginfo-8.14.1-160000.6.1 * libcurl-devel-8.14.1-160000.6.1 * curl-debuginfo-8.14.1-160000.6.1 * curl-8.14.1-160000.6.1 * SUSE Linux Enterprise Server 16.0 (noarch) * curl-zsh-completion-8.14.1-160000.6.1 * libcurl-devel-doc-8.14.1-160000.6.1 ## References: *https://www.suse.com/security/cve/CVE-2026-4873.html * https://www.suse.com/security/cve/CVE-2026-5545.html * https://www.suse.com/security/cve/CVE-2026-6253.html * https://www.suse.com/security/cve/CVE-2026-6276.html * https://www.suse.com/security/cve/CVE-2026-6429.html * https://bugzilla.suse.com/show_bug.cgi?id=1262631 * https://bugzilla.suse.com/show_bug.cgi?id=1262632 * https://bugzilla.suse.com/show_bug.cgi?id=1262635 * https://bugzilla.suse.com/show_bug.cgi?id=1262636 * https://bugzilla.suse.com/show_bug.cgi?id=1262638 . Five vulnerabilities addressed in moderates security update for curl on SUSE. Install using recommended methods now.. SUSE Security Update, Curl Security Fix, Moderate Curl Vulnerability, SUSE Curl Patch. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 moderate SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200