[CLSA-2026:1783937975] Fix CVE(s): CVE-2026-11856
Type:
security
Severity:
Moderate
Release date:
2026-07-13 10:19:50 UTC
Description:
* SECURITY UPDATE: cross-origin Digest authentication state leak - debian/patches/CVE-2026-11856.patch: flush the cached Digest state in lib/http_digest.c, lib/urldata.h and lib/curl_sasl.c when the origin or credentials it was created for change on a reused handle, so an Authorization/Proxy-Authorization header is not sent to a different origin. - CVE-2026-11856
CVEs fixed:
Updated packages:
  • curl_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:9a9c721830bcc9b942829b46fb055296f61e6746
  • libcurl3_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:498ee8a9807cb877af4726cf9b5a0546328ed77b
  • libcurl3-gnutls_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:3e5c1f942cc065b9c73ec76952022e822f96105b
  • libcurl3-nss_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:31bed612281115b9cc4cf16a02dcd676e89363b6
  • libcurl4-doc_7.47.0-1ubuntu2.23+tuxcare.els16_all.deb
    sha:095f49f6c69e653956d8900bd990c74989c95a89
  • libcurl4-gnutls-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:9009f45c00f33e25331981c8faa58d68e880e3c5
  • libcurl4-nss-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:42dcd67eec2857489ebe0c9b0d40aa7737614bc1
  • libcurl4-openssl-dev_7.47.0-1ubuntu2.23+tuxcare.els16_amd64.deb
    sha:371156c4931f4a9bbb95456bf77a2afbb03d028b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.