CLSA-2026:1778275511

[CLSA-2026:1778275511] curl: Fix of CVE-2025-0167

Type:

security

Severity:

Low

Release date:

2026-05-08 21:25:16 UTC

Description:

- CVE-2025-0167: .netrc parser leaks 'default' credentials across redirects
  because parsenetrc() returns NETRC_SUCCESS for a 'default' block that
  carries no login/password, letting the caller mark the connection as
  netrc-sourced and reuse stale credentials on follow-ups
- Fix internal testing on i686

Updated packages:

curl-8.3.0-1.amzn2.0.12.tuxcare.els1.x86_64.rpm
sha:e665da84a0cf4dee34cc668df65c3f4eeee1aa05d5781e12cc63616d8a570d33
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els1.i686.rpm
sha:cab30dcbd86c9f167eae9f9a85d2e717bdac01ded6d624aefb653aad5db8ae77
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els1.x86_64.rpm
sha:550809e6b5a17e6213e105ef66f2a9e4ebf90ce264245c7a0f94c73e1919a6a0
libcurl-devel-8.3.0-1.amzn2.0.12.tuxcare.els1.x86_64.rpm
sha:b37547963a5af9709afde9c9e2d4ee05de97c28a0e0cb1747174bd3401f24065

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.