CLSA-2026:1773134717

[CLSA-2026:1773134717] curl: Fix of 2 CVEs

Type:

security

Severity:

Low

Release date:

2026-03-10 09:25:22 UTC

Description:

- CVE-2025-14524: prevent bearer token leak on cross-protocol redirect
- CVE-2025-15079: set both SSH knownhosts options to the same file to prevent
  libssh global known_hosts override

Updated packages:

curl-7.61.1-22.el8.tuxcare.els16.x86_64.rpm
sha:6cf93e5a10f07c145cbdd6a9c5ba60dc8ae63a039448be9d01eeb2989a3ffe1d
curl-minimal-7.61.1-22.el8.tuxcare.els16.x86_64.rpm
sha:2b0368c1075cf296d0fe8f2d70fad04c9d5c6e2871d1ed27d365230d918a0475
libcurl-7.61.1-22.el8.tuxcare.els16.i686.rpm
sha:01f9eef963b9f03a807d6d19addcf2826d622461f5284e2c992aacbf2d9701cb
libcurl-7.61.1-22.el8.tuxcare.els16.x86_64.rpm
sha:1785868fd514127568dd244f06905e0f72614fbb5c629ee358b03ceb52ffee10
libcurl-devel-7.61.1-22.el8.tuxcare.els16.i686.rpm
sha:cd7f3ac38224ffe41d957501089199ec9084d55e53a9d9844bafe056ca1d41a1
libcurl-devel-7.61.1-22.el8.tuxcare.els16.x86_64.rpm
sha:352167ff7bbae0b7d7b3e3da09099381830447ea31ec956cf18ad252da37cd7d
libcurl-minimal-7.61.1-22.el8.tuxcare.els16.i686.rpm
sha:c3b23e2a89c6f6a02e35a7fdb210a9f6a7ff2ebd1e780212f79084f06dd00248
libcurl-minimal-7.61.1-22.el8.tuxcare.els16.x86_64.rpm
sha:f1d6618bebd3366a28889173510d7e7648920725816e5d4d5fcd005dc183f86d

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.