[CLSA-2026:1774260216] Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784
Type: security
Severity: Moderate
Release date: 2026-03-23 10:03:44 UTC
Description:
* SECURITY UPDATE: reuse of connections using HTTP Negotiate
  - debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste url_match_auth_nego mistake.
  - CVE-2026-1965
* Bearer token sent without checking auth is allowed
  - debian/patches/CVE-2026-3783.patch: only send bearer if auth is allowed.
  - CVE-2026-3783
* Proxy credential reuse across different credentials
  - debian/patches/CVE-2026-3784.patch: compare proxy credentials in proxy_info_matches to prevent connection reuse with wrong auth.
  - CVE-2026-3784
Updated packages:
  • curl_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:97c75240669e95d5c51397a76d3e6c94446cb506
  • libcurl3-gnutls_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:480f4c99d18b018ccae7546164152c4167a7b02c
  • libcurl3-nss_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:65f8c5835c5ae77542093f1641d180a1c1edf650
  • libcurl4_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:908a61c5f54078a4905f70aaf1627064de4905fc
  • libcurl4-doc_7.64.0-4+deb10u9+tuxcare.els3_all.deb
    sha:d6df046b2689cef25595212e1fadfde9a5a3d519
  • libcurl4-gnutls-dev_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:65c397f3bed0fafae637fd0c486770817ce0102a
  • libcurl4-nss-dev_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:1f9a0532ca196e0e6eb7e09fdee0f7333b4d2172
  • libcurl4-openssl-dev_7.64.0-4+deb10u9+tuxcare.els3_amd64.deb
    sha:c37f1956b8bf623c4b9110ebc2876562e523bfd2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.