[CLSA-2026:1772443907] Fix CVE(s): CVE-2025-14524
Type: security
Severity: Low
Release date: 2026-03-02 09:31:51 UTC
Description:
* SECURITY UPDATE: bearer token leakage to IMAP/LDAP/POP3/SMTP hosts via cross-protocol redirects
  - debian/patches/CVE-2025-14524.patch: Require permission when redirected for bearer use and prevent sending bearer token to other hosts; fix unconditional reuse of oauth bearer during redirects.
  - CVE-2025-14524
Updated packages:
  • curl_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:0a2c933d802e76ba0b6c4af1f375f2bc6e4ca358
  • libcurl3-gnutls_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:bac9bfd6822852691801680c7c0cab0846ef3b86
  • libcurl3-nss_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:98ef3e68f569654b4322fe4cd93bb2caaa91420b
  • libcurl4_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:7e4b5c5e05056649ef8cac09b25730ddfebc11ab
  • libcurl4-doc_7.64.0-4+deb10u9+tuxcare.els1_all.deb
    sha:fb3b130b036e80829dab59b7bd9a81c26244bb31
  • libcurl4-gnutls-dev_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:96784fd51d7f7b2842b5c1827c107a3f45e88496
  • libcurl4-nss-dev_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:912f34a5444d06189d8d521ec9a346ab1777208d
  • libcurl4-openssl-dev_7.64.0-4+deb10u9+tuxcare.els1_amd64.deb
    sha:99a93620602bd6c75cab8be60c0ee99cf2919223
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.