[CLSA-2026:1783937768] Fix CVE(s): CVE-2026-11856
Type:
security
Severity:
Moderate
Release date:
2026-07-13 10:16:24 UTC
Description:
* SECURITY UPDATE: cross-origin Digest authentication state leak - debian/patches/CVE-2026-11856.patch: flush the cached Digest state in lib/http_digest.c, lib/urldata.h and lib/vauth/digest.c when the origin or credentials it was created for change on a reused handle, so an Authorization/Proxy-Authorization header is not sent to a different origin. - CVE-2026-11856
CVEs fixed:
Updated packages:
  • curl_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:88eb4c5f6063b734c5cdc33214cb01e38974f34c
  • libcurl3-gnutls_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:3b7f6059cb198e038f7e3d83fc0e78f040aa4d8b
  • libcurl3-nss_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:c8e7967a0f6c26d28f7db8e7881e0c740b9b5286
  • libcurl4_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:e8cefe308e70538f7e02e26d31393d886ecc0c64
  • libcurl4-doc_7.58.0-2ubuntu3.24+tuxcare.els12_all.deb
    sha:b618cf0680594db62ade1ddc6ccd4823a27dc8b1
  • libcurl4-gnutls-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:cec5f8d0f13e03a42c18052ceaa9431a71bd07f0
  • libcurl4-nss-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:6e322caa830dff73c8bca0614d4c02cb9adf0d07
  • libcurl4-openssl-dev_7.58.0-2ubuntu3.24+tuxcare.els12_amd64.deb
    sha:0689d4d8cb1889311da9b5e7af96da6158a2bc74
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.