27 matches found
CLSA-2026-1778890582 curl: Fix of CVE-2026-5545
CVE-2026-5545: wrong reuse of HTTP Negotiate connection; only allow an existing connection to be reused and "upgraded" to NTLM when neither NTLM nor Negotiate authentication is in flight on it...
CVE-2026-5545
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:1717-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1717-1 advisory. Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545:...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....
USN-8227-1 curl vulnerabilities
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...
USN-8227-1: curl vulnerabilities
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...
Fedora 44 : curl (2026-f13d888b0f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...
CLSA-2026-1774260216 Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784
SECURITY UPDATE: reuse of connections using HTTP Negotiate - debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste urlmatchauthnego mistake. - CVE-2026-1965 Bearer token sent without checking auth is allowed - debian/patches/CVE-2026-3783.patch:...
SUSE-SU-2026:20760-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. Patch Instructions: To install this SUSE update...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
SUSE-SU-2026:0903-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
Security update for curl
This update for curl fixes the following issues: CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. CVE-2026-3783: token leak with redirect and netrc bsc1259363. CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. CVE-2026-3805: use after free in SMB connection...
SUSE-SU-2026:0879-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
SUSE-SU-2026:20668-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
MiracleLinux 4 : elinks-0.12-0.21.pre5.AXS4 (AXSA:2013-110:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-110:01 advisory. Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage over...
K35453761: cURL and libcurl vulnerability CVE-2017-2628
Security Advisory Description cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RH...
new packages: perl-HTTP-Negotiate
An update is available for perl-HTTP-Negotiate. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...
F5 Networks BIG-IP : cURL and libcurl vulnerability (K35453761)
cURL, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVEGSSAPI define was meanwhile substituted by USEHTTPNEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6...