5 matches found
SUSE-SU-2026:2925-1 Security update for curl
This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie...
SUSE-SU-2026:22582-1 Security update for curl
This update for curl fixes the following issues - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie bsc1268409. - CVE-2026-8927: env-set cross-proxy Digest auth state leak...
wrong STARTTLS connection reuse
...
Curl 7.30.0 < 8.21.0 Wrong STARTTLS Connection Reuse
The version of curl installed on the remote host is 7.30.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even thoug...
curl: CVE-2026-8286: wrong STARTTLS connection reuse
A vulnerability was found in the Curl library that allowed a plain-text connection to reuse an existing SSL-upgraded connection without verifying the SSL configuration. This could lead to a man-in-the-middle attack if an attacker was able to intercept the initial STARTTLS upgrade. The issue was...