[CLSA-2026:1784193045] Fix CVE(s): CVE-2026-8927
Type:
security
Severity:
Important
Release date:
2026-07-16 09:11:08 UTC
Description:
* SECURITY UPDATE: env-set cross-proxy Digest auth state leak (libcurl) - debian/patches/CVE-2026-8927.patch: detect env-proxy changes and flush state.proxydigest to prevent stale Digest auth replay across handle reuses in lib/url.c, lib/urldata.h. - debian/patches/CVE-2026-8927-tests.patch: add test1647 exercising env-set cross-proxy Digest auth state leak. - CVE-2026-8927
CVEs fixed:
Updated packages:
  • curl_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:19b89bf1f74825828a105e774088160515609709
  • libcurl3-gnutls_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:84b0156fd4133cf5f16b19ce46d21a2f4f766623
  • libcurl3-nss_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:622076442836833630d2aff2c7b84e0ab326970a
  • libcurl4_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:3aa95bd2d24cf36e84458cdeb05b705f1d01f2c8
  • libcurl4-doc_7.68.0-1ubuntu2.25+tuxcare.els3_all.deb
    sha:66181038ebfa91d417dfe635910f5948770a0e97
  • libcurl4-gnutls-dev_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:ca18a55336c52c662c94d7916a047602a42fe439
  • libcurl4-nss-dev_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:57e922a8c3da29b41e710d127b1a9f324cec98fc
  • libcurl4-openssl-dev_7.68.0-1ubuntu2.25+tuxcare.els3_amd64.deb
    sha:21513d39d55dcecb63750e773172b4f116399d87
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.