Package "libcurl4t64"

| Name: | libcurl4t64 |
| Description: | easy-to-use client-side URL transfer library (OpenSSL flavour) |
| Latest version: | 8.14.1-2ubuntu1.2 |
| Release: | questing (25.10) |
| Level: | security |
| Repository: | main |
| Head package: | curl |
| Homepage: | https://curl.se/ |

Changelog

curl (8.14.1-2ubuntu1.2) questing-security; urgency=medium

  * SECURITY UPDATE: bad reuse of HTTP Negotiate connection
    - debian/patches/CVE-2026-1965-1.patch: fix reuse of connections using
      HTTP Negotiate in lib/url.c.
    - debian/patches/CVE-2026-1965-2.patch: fix copy and paste
      url_match_auth_nego mistake in lib/url.c.
    - CVE-2026-1965
  * SECURITY UPDATE: token leak with redirect and netrc
    - debian/patches/CVE-2026-3783.patch: only send bearer if auth is
      allowed in lib/http.c, tests/data/Makefile.am, tests/data/test2006.
    - CVE-2026-3783
  * SECURITY UPDATE: wrong proxy connection reuse with credentials
    - debian/patches/CVE-2026-3784.patch: add additional tests in
      lib/url.c, tests/http/test_13_proxy_auth.py,
      tests/http/testenv/curl.py.
    - CVE-2026-3784
  * SECURITY UPDATE: use after free in SMB connection reuse
    - debian/patches/CVE-2026-3805.patch: free the path in the request
      struct properly in lib/smb.c.
    - CVE-2026-3805

 -- Marc Deslauriers <email address hidden>  Mon, 09 Mar 2026 09:15:00 -0400

curl (8.14.1-2ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: cookie path out-of-bounds read
    - debian/patches/CVE-2025-9086.patch: don't treat the
      leading slash as trailing in lib/cookie.c
    - CVE-2025-9086
  * SECURITY UPDATE: predictable websocket frame mask
    - debian/patches/CVE-2025-10148.patch: get a new mask for each
      new outgoing frame in lib/ws.c
    - CVE-2025-10148
  * SECURITY UPDATE: wcurl output file directory escape
    - debian/patches/CVE-2025-11563.patch: don't percent-decode
      '/' or '\' in output file name in scripts/wcurl.c
    - CVE-2025-11563
  * SECURITY UPDATE: No QUIC certificate pinning with GnuTLS
    - debian/patches/CVE-2025-13034.patch: call Curl_gtls_verifyserver
      unconditionally in lib/vquic/vquic-tls.c.
    - CVE-2025-13034
  * SECURITY UPDATE: multi-threaded TLS options leak
    - debian/patches/CVE-2025-14017.patch: call ldap_init() before
      setting the options in lib/ldap.c
    - CVE-2025-14017
  * SECURITY UPDATE: bearer token leak on cross-protocol redirect
    - debian/patches/CVE-2025-14524.patch: if redirected,
      require permission to use bearer in lib/curl_sasl.c
    - CVE-2025-14524
  * SECURITY UPDATE: OpenSSL partial chain store policy bypass
    - debian/patches/CVE-2025-14819.patch: toggling
      CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in
      lib/vtls/openssl.c.
    - CVE-2025-14819

 -- Elise Hlady <email address hidden>  Tue, 17 Feb 2026 15:07:06 -0800

| CVE-2025-9086 |
1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same |
| CVE-2025-10148 |
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask tha |
| CVE-2025-13034 |
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certif |
| CVE-2025-14017 |
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally a |
| CVE-2025-14524 |
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, |
| CVE-2025-14819 |
When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally |