Release date:
2026-05-21 10:03:16 UTC
Description:
* SECURITY UPDATE: libcurl may reuse the wrong connection for SMB(S)
transfers, leading to access of an unintended SMB share with the
same credentials.
- debian/patches/CVE-2026-5773.patch: disable connection reuse for
SMB(S) in lib/url.c by returning early from ConnectionExists() when
the requested protocol is SMB or SMBS.
- CVE-2026-5773
Updated packages:
-
curl_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:0558f13cae06682d00314409c056aff0558a52fd
-
libcurl3-gnutls_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:a0caa340878818762842f05fdb5b6476ae468446
-
libcurl3-nss_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:71bad6a01abe50998580c2d36dc02740d6878a67
-
libcurl4_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:35b7a7cca0b325f637fa44ff72d745e02903de38
-
libcurl4-doc_7.58.0-2ubuntu3.24+tuxcare.els9_all.deb
sha:c5a76e0adf4214b76728d557f6754f531f4df4b2
-
libcurl4-gnutls-dev_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:e6cdcf82fbe85ebe18f6879975fb760db34d34b9
-
libcurl4-nss-dev_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:cc88eb75b7d67656aae292f4f7e2e3e2c643fc72
-
libcurl4-openssl-dev_7.58.0-2ubuntu3.24+tuxcare.els9_amd64.deb
sha:afc827979361439d37773bddf732aff55643a27b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
