Release date:
2026-07-14 08:44:18 UTC
Description:
- CVE-2026-10536: fix HTTP/2 stream-dependency use-after-free by making
CURLOPT_STREAM_DEPENDS/CURLOPT_STREAM_DEPENDS_E a no-op and stopping
h2_pri_spec() from emitting cross-stream dependency references
Updated packages:
-
curl-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
sha:eaeca450fdbba71c31b2da8c8b5a29f6c2d4c789413706a31e896a137626befa
-
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els4.i686.rpm
sha:612da2471e14040a36a18067d3d3aeea51309306397cedad99fe6f41eaf7fb11
-
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
sha:eb8f3b4cb12415bcc61dd7b4a2c4ae33038de98cb87acdefa79535d267a3f7c5
-
libcurl-devel-8.3.0-1.amzn2.0.12.tuxcare.els4.x86_64.rpm
sha:4e6c9381b2c266e452fd7cb19bf46da3f504202b633335c75bd1e38a65ec7eab
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.