[CLSA-2026:1784018641] curl: Fix of CVE-2026-10536
Type:
security
Severity:
Important
Release date:
2026-07-14 08:44:18 UTC
Description:
- CVE-2026-10536: fix HTTP/2 stream-dependency use-after-free by making CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E a no-op and stopping h2_pri_spec() from emitting cross-stream dependency references
CVEs fixed:
Updated packages:
  • curl-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
    sha:eaeca450fdbba71c31b2da8c8b5a29f6c2d4c789413706a31e896a137626befa
  • libcurl-8.3.0-1.amzn2.0.12.tuxcare.els4.i686.rpm
    sha:612da2471e14040a36a18067d3d3aeea51309306397cedad99fe6f41eaf7fb11
  • libcurl-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
    sha:eb8f3b4cb12415bcc61dd7b4a2c4ae33038de98cb87acdefa79535d267a3f7c5
  • libcurl-devel-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
    sha:4e6c9381b2c266e452fd7cb19bf46da3f504202b633335c75bd1e38a65ec7eab
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.