Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
89
security advisoryfedoracurlFedora 42 curl Severity Important TLS Fix for CVE-2025-14017
fix broken TLS options for threaded LDAPS (CVE-2025-14017). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3f0f0f85be 2026-01-28 01:25:55.182848+00:00 -------------------------------------------------------------------------------- Name : curl Product : Fedora 42 Version : 8.11.1 Release : 7.fc42 URL : https://curl.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. -------------------------------------------------------------------------------- Update Information: fix broken TLS options for threaded LDAPS (CVE-2025-14017) -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 19 2026 Jan Macku - 8.11.1-7 - fix broken TLS options for threaded LDAPS (CVE-2025-14017) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2428024 - CVE-2025-14017 curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2428024 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3f0f0f85be' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages aresigned with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 28, 2026
•Important
Fedora
100
security advisorymoderateSuSESUSE Linux Enterprise OpenSSH Vulnerability Advisory SUSE-SU-2026:0651-8
An update that solves one vulnerability can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:0221-1 Release Date: 2026-01-22T12:15:42Z Rating: moderate References: * bsc#1256105 Cross-References: * CVE-2025-14017 CVSS scores: * CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-14017 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-221=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libcurl-devel-8.14.1-150700.7.11.1 * curl-debuginfo-8.14.1-150700.7.11.1 * libcurl4-debuginfo-8.14.1-150700.7.11.1 * curl-8.14.1-150700.7.11.1 * libcurl4-8.14.1-150700.7.11.1 * curl-debugsource-8.14.1-150700.7.11.1 * Basesystem Module 15-SP7 (x86_64) * libcurl4-32bit-8.14.1-150700.7.11.1 * libcurl4-32bit-debuginfo-8.14.1-150700.7.11.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14017.html * https://bugzilla.suse.com/show_bug.cgi?id=1256105 . Update for curl fixes moderate security issue with threaded LDAPS options. Follow patch instructions to secure systems.. SUSE Linux curl security patch TLSoptions. . LinuxSecurity.com Team
Jan 22, 2026
SuSE
202
security advisorymoderatebug fixopenSUSE: curl Moderate Security Fix for 5 Issues 2026:20031-1
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.. openSUSE security update: security update for curl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20031-1 Rating: moderate References: * bsc#1255731 * bsc#1255732 * bsc#1255733 * bsc#1255734 * bsc#1256105 Cross-References: * CVE-2025-14017 * CVE-2025-14524 * CVE-2025-14819 * CVE-2025-15079 * CVE-2025-15224 CVSS scores: * CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2025-14017 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-14819 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-15079 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed. Description: This update for curl fixes the following issues: This update for curl fixes the following issues: - CVE-2025-14017: broken TLS options for threaded LDAPS (bsc#1256105). - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). Patchinstructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-140=1 Package List: - openSUSE Leap 16.0: curl-8.14.1-160000.4.1 curl-fish-completion-8.14.1-160000.4.1 curl-zsh-completion-8.14.1-160000.4.1 libcurl-devel-8.14.1-160000.4.1 libcurl-devel-doc-8.14.1-160000.4.1 libcurl4-8.14.1-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2025-14017.html * https://www.suse.com/security/cve/CVE-2025-14524.html * https://www.suse.com/security/cve/CVE-2025-14819.html * https://www.suse.com/security/cve/CVE-2025-15079.html * https://www.suse.com/security/cve/CVE-2025-15224.html . Update addresses 5 bugs and vulnerabilities in curl on openSUSE Leap 16.0. Critical patch to enhance system security.. curl update, openSUSE security, bug fixes, patch instructions, curl vulnerabilities. . LinuxSecurity.com Team
Jan 15, 2026
OpenSUSE
100
security advisorymoderatesecurity updateSUSE Linux Enterprise Micro: curl Security Update for CVE-2025-14017
An update that solves one vulnerability can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:0078-1 Release Date: 2026-01-09T07:07:10Z Rating: moderate References: * bsc#1256105 Cross-References: * CVE-2025-14017 CVSS scores: * CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-78=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-78=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * curl-8.14.1-150200.4.100.1 * libcurl4-debuginfo-8.14.1-150200.4.100.1 * libcurl4-8.14.1-150200.4.100.1 * curl-debugsource-8.14.1-150200.4.100.1 * curl-debuginfo-8.14.1-150200.4.100.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * curl-8.14.1-150200.4.100.1 * libcurl4-debuginfo-8.14.1-150200.4.100.1 * libcurl4-8.14.1-150200.4.100.1 * curl-debugsource-8.14.1-150200.4.100.1 * curl-debuginfo-8.14.1-150200.4.100.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14017.html * https://bugzilla.suse.com/show_bug.cgi?id=1256105 . Update for curl resolves a TLS options issue coded as CVE-2025-14017 in SUSE Linux. Install with zypper patch for solutions.. curl update, TLS security, SUSEMicro, vulnerability fix, software patch. . LinuxSecurity.com Team
Jan 09, 2026
SuSE
100
security advisorymoderatecurlopenSUSE: curl Moderate TLS Options Fix SUSE-2026:0077-1 CVE-2025-14017
An update that solves one vulnerability can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:0077-1 Release Date: 2026-01-08T19:04:01Z Rating: moderate References: * bsc#1256105 Cross-References: * CVE-2025-14017 CVSS scores: * CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-77=1 openSUSE-SLE-15.6-2026-77=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libcurl4-8.14.1-150600.4.37.1 * curl-8.14.1-150600.4.37.1 * curl-debuginfo-8.14.1-150600.4.37.1 * libcurl4-debuginfo-8.14.1-150600.4.37.1 * curl-mini-debugsource-8.14.1-150600.4.37.1 * libcurl-mini4-8.14.1-150600.4.37.1 * libcurl-mini4-debuginfo-8.14.1-150600.4.37.1 * curl-debugsource-8.14.1-150600.4.37.1 * libcurl-devel-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (noarch) * curl-fish-completion-8.14.1-150600.4.37.1 * curl-zsh-completion-8.14.1-150600.4.37.1 * libcurl-devel-doc-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (x86_64) * libcurl4-32bit-8.14.1-150600.4.37.1 * libcurl-devel-32bit-8.14.1-150600.4.37.1 * libcurl4-32bit-debuginfo-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libcurl-devel-64bit-8.14.1-150600.4.37.1 * libcurl4-64bit-8.14.1-150600.4.37.1 * libcurl4-64bit-debuginfo-8.14.1-150600.4.37.1 ## References: *https://www.suse.com/security/cve/CVE-2025-14017.html * https://bugzilla.suse.com/show_bug.cgi?id=1256105 . Significant security update for curl in openSUSE addresses a moderate issue. Install promptly to enhance security.. curl update OpenSUSE TLS patch 2026. . LinuxSecurity.com Team
Jan 09, 2026
SuSE
202
security advisorymoderatenetwork threatopenSUSE: curl Moderate TLS Options Flaw CVE-2025-14017 2026:0077-1
An update that solves one vulnerability can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:0077-1 Release Date: 2026-01-08T19:04:01Z Rating: moderate References: * bsc#1256105 Cross-References: * CVE-2025-14017 CVSS scores: * CVE-2025-14017 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-77=1 openSUSE-SLE-15.6-2026-77=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libcurl4-8.14.1-150600.4.37.1 * curl-8.14.1-150600.4.37.1 * curl-debuginfo-8.14.1-150600.4.37.1 * libcurl4-debuginfo-8.14.1-150600.4.37.1 * curl-mini-debugsource-8.14.1-150600.4.37.1 * libcurl-mini4-8.14.1-150600.4.37.1 * libcurl-mini4-debuginfo-8.14.1-150600.4.37.1 * curl-debugsource-8.14.1-150600.4.37.1 * libcurl-devel-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (noarch) * curl-fish-completion-8.14.1-150600.4.37.1 * curl-zsh-completion-8.14.1-150600.4.37.1 * libcurl-devel-doc-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (x86_64) * libcurl4-32bit-8.14.1-150600.4.37.1 * libcurl-devel-32bit-8.14.1-150600.4.37.1 * libcurl4-32bit-debuginfo-8.14.1-150600.4.37.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libcurl-devel-64bit-8.14.1-150600.4.37.1 * libcurl4-64bit-8.14.1-150600.4.37.1 * libcurl4-64bit-debuginfo-8.14.1-150600.4.37.1 ## References: *https://www.suse.com/security/cve/CVE-2025-14017.html * https://bugzilla.suse.com/show_bug.cgi?id=1256105 . Critical update for openSUSE curl addressing a moderate risk TLS options flaw, ensuring system integrity and safety.. curl security update, openSUSE advisory, TLS options fix, SUSE vulnerability resolution. . LinuxSecurity.com Team
Jan 09, 2026
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!