Release date:
2026-07-13 10:16:24 UTC
Description:
* SECURITY UPDATE: cross-origin Digest authentication state leak
- debian/patches/CVE-2026-11856.patch: flush the cached Digest state in
lib/http_digest.c, lib/urldata.h and lib/vauth/digest.c when the origin
or credentials it was created for change on a reused handle, so an
Authorization/Proxy-Authorization header is not sent to a different
origin.
- CVE-2026-11856
Updated packages:
-
curl_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:88eb4c5f6063b734c5cdc33214cb01e38974f34c
-
libcurl3-gnutls_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:3b7f6059cb198e038f7e3d83fc0e78f040aa4d8b
-
libcurl3-nss_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:c8e7967a0f6c26d28f7db8e7881e0c740b9b5286
-
libcurl4_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:e8cefe308e70538f7e02e26d31393d886ecc0c64
-
libcurl4-doc_7.58.0-2ubuntu3.24+tuxcare.els12_all.deb
sha:b618cf0680594db62ade1ddc6ccd4823a27dc8b1
-
libcurl4-gnutls-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:cec5f8d0f13e03a42c18052ceaa9431a71bd07f0
-
libcurl4-nss-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:6e322caa830dff73c8bca0614d4c02cb9adf0d07
-
libcurl4-openssl-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
sha:0689d4d8cb1889311da9b5e7af96da6158a2bc74
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.