Release date: 2026-03-12 11:48:14 UTC
Description:
* SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect
  - debian/patches/CVE-2025-14524.patch: do not use bearer when following
    redirect unless allow_auth_to_other_hosts is set
  - CVE-2025-14524
* SECURITY UPDATE: libssh global known_hosts override
  - debian/patches/CVE-2025-15079.patch: set SSH_OPTIONS_GLOBAL_KNOWNHOSTS
    to same path as SSH_OPTIONS_KNOWNHOSTS
  - CVE-2025-15079
* Resolve test failure
  - debian/patches/fix-test-46.patch: updated outdated cookies' timestamps
Updated packages:
- curl_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:105f62d038995f8686cff9c7051647213cf1c4d3
- libcurl3-gnutls_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:31f637123a1116f502e3a12c9cc6a1c225cbcd79
- libcurl3-nss_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:d370202bfa4a053a8b575549ae79f9ce5960579a
- libcurl4_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:59478a0d1bff72491072766efc487e980d1a15af
- libcurl4-doc_7.58.0-2ubuntu3.24+tuxcare.els7_all.deb
  sha:52058792c268aa864affbeb8e3a77ae368273893
- libcurl4-gnutls-dev_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:732dbe86a8583a08b9dbb62eb3003f1788f491ac
- libcurl4-nss-dev_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:7a21631f761fd3111a4f07ad630ba51220da09a0
- libcurl4-openssl-dev_7.58.0-2ubuntu3.24+tuxcare.els7_amd64.deb
  sha:f5546c270e8aefbde35dfb54ffd211acdff4126f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.