Release date:
2026-07-13 10:19:50 UTC
Description:
* SECURITY UPDATE: cross-origin Digest authentication state leak
- debian/patches/CVE-2026-11856.patch: flush the cached Digest state in
lib/http_digest.c, lib/urldata.h and lib/curl_sasl.c when the origin or
credentials it was created for change on a reused handle, so an
Authorization/Proxy-Authorization header is not sent to a different
origin.
- CVE-2026-11856
Updated packages:
-
curl_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:9a9c721830bcc9b942829b46fb055296f61e6746
-
libcurl3_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:498ee8a9807cb877af4726cf9b5a0546328ed77b
-
libcurl3-gnutls_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:3e5c1f942cc065b9c73ec76952022e822f96105b
-
libcurl3-nss_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:31bed612281115b9cc4cf16a02dcd676e89363b6
-
libcurl4-doc_7.47.0-1ubuntu2.23+tuxcare.els16_all.deb
sha:095f49f6c69e653956d8900bd990c74989c95a89
-
libcurl4-gnutls-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:9009f45c00f33e25331981c8faa58d68e880e3c5
-
libcurl4-nss-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:42dcd67eec2857489ebe0c9b0d40aa7737614bc1
-
libcurl4-openssl-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
sha:371156c4931f4a9bbb95456bf77a2afbb03d028b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.