Release date: 2026-03-12 11:51:10 UTC
Description:
* SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect
  - debian/patches/CVE-2025-14524.patch: do not use bearer when following
    redirect unless allow_auth_to_other_hosts is set
  - CVE-2025-14524
* SECURITY UPDATE: libssh global known_hosts override
  - debian/patches/CVE-2025-15079-CVE-2025-15224.patch: set
    SSH_OPTIONS_GLOBAL_KNOWNHOSTS to same path as SSH_OPTIONS_KNOWNHOSTS
  - CVE-2025-15079
* SECURITY UPDATE: libssh key passphrase bypass without agent set
  - debian/patches/CVE-2025-15079-CVE-2025-15224.patch: require private
    key or CURLSSH_AUTH_AGENT for public key auth
  - CVE-2025-15224
Updated packages:
- curl_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:d8d232071a914c1ada90cb9fbd90e6c9999f50de
- libcurl3-gnutls_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:726e58c1b5861e8e8c27973b3c1dfe8dbac35932
- libcurl3-nss_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:dcfff2c729f450d1eb10947638c8632cc6690424
- libcurl4_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:f75554437bc49ea90f18a552feb37b212b2c3f4a
- libcurl4-doc_7.68.0-1ubuntu2.25+tuxcare.els1_all.deb
  sha:5fe57d2f6b20b05d130df3db481233857fa511f9
- libcurl4-gnutls-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:ec6e4d9c7a9659e465256140d43dcc508810243d
- libcurl4-nss-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:4237a93276942a3c83cf9363f6f4188eb127f007
- libcurl4-openssl-dev_7.68.0-1ubuntu2.25+tuxcare.els1_amd64.deb
  sha:0b4009a864907e24ea7413535e348009833ad6a1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.