[CLSA-2026:1779358008] Fix CVE(s): CVE-2026-5773
Type:
security
Severity:
Important
Release date:
2026-05-21 10:06:53 UTC
Description:
* SECURITY UPDATE: libcurl may reuse the wrong connection for SMB(S) transfers, leading to access of an unintended SMB share with the same credentials.
  - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMB(S) in lib/url.c by returning early from ConnectionExists() when the requested protocol is SMB or SMBS.
  - CVE-2026-5773
* test46-bump-cookie-expiry.patch: bump the hard-coded cookie expiry timestamp in tests/data/test46 from 2025-02-10 to 2099-01-01 so the cookie-jar test no longer fails on systems whose wall clock has advanced past February 2025.
Updated packages:
  • curl_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:91345f56d7d4158545be3f07e7467a5d05730c2a
  • libcurl3_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:f83aa6f9bae490d4f41183acfa99b7b800965caf
  • libcurl3-gnutls_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:46594e31ccd1d234f352f848c6734989232dcda4
  • libcurl3-nss_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:c6d13765642369bbc78e3e16aa91d918eae62b5e
  • libcurl4-doc_7.47.0-1ubuntu2.23+tuxcare.els14_all.deb
    sha:8f172b3f611c1bc0acd216120481f2ed29516b6d
  • libcurl4-gnutls-dev_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:84272afb6ef5b07398814fa97fb44d8a41cdaf95
  • libcurl4-nss-dev_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:cb2cb668274a28b07db4d49a7154c077a9f327ec
  • libcurl4-openssl-dev_7.47.0-1ubuntu2.23+tuxcare.els14_amd64.deb
    sha:80c2e545f9d06e24f45f48f520925eebab3f3fa9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.