Moderate Photon OS Security Update - PHSA-2026-4.0-0941

Updates of 'curl' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2025-5.0-0660

Updates of 'curl' packages of Photon OS have been released...

[slackware-security] curl

New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.14.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: No QUIC certificate pinning with wolfSSL. QUIC certificate...

RLSA-2024:5654 Moderate: curl security update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: HTTP/2 push headers memory-leak CVE-2024-2398 For more details about the security issues, including the impact, a CVS...

MGASA-2025-0123 Updated curl packages fix security vulnerabilities

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004...

Updated curl packages fix security vulnerabilities

When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004...

Moderate Photon OS Security Update - PHSA-2025-4.0-0774

Updates of 'curl' packages of Photon OS have been released...

Linux Distros Unpatched Vulnerability : CVE-2018-1000120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse...

CVE-2025-0167 vulnerabilities

Vulnerabilities for packages: curl...

CVE-2025-0725 vulnerabilities

Vulnerabilities for packages: curl...

CVE-2025-0725 vulnerabilities

Vulnerabilities for packages: curl...

Updated curl packages fix security vulnerability

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

MGASA-2024-0391 Updated curl packages fix security vulnerability

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

MGASA-2024-0360 Updated curl packages fix security vulnerability

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

MGASA-2024-0099 Updated curl packages fix security vulnerabilities

CVE-2024-2004: Usage of disabled protocol If all protocols are disabled at run-time with none being added, curl/libcurl would still allow communication with the default set of allowed protocols, including some that are unencrypted. CVE-2024-2398: HTTP/2 push headers memory-leak A memory leak coul...

Important Photon OS Security Update - PHSA-2024-4.0-0585

Updates of 'curl' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2024-3.0-0743

Updates of 'curl' packages of Photon OS have been released...

MGASA-2023-0288 Updated the curl packages to fix two security vulnerabilities

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies int...

MGASA-2023-0263 Updated curl packages fix security vulnerability

TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...

Oracle Linux 8 : curl (ELSA-2020-1792)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1792 advisory. - double free due to subsequent call of realloc CVE-2019-5481 - fix heap buffer overflow in function tftpreceivepacket CVE-2019-5482 Tenable has...