Bugs fixes in "curl"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the follo | 2026-03-11 |
| CVE | CVE-2026-3784 | curl would wrongly reuse an existing HTTP proxy connection doing CONNE ... | 2026-03-11 |
| CVE | CVE-2026-3783 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ... | 2026-03-11 |
| CVE | CVE-2026-1965 | libcurl can in some circumstances reuse the wrong connection when aske ... | 2026-03-11 |
| CVE | CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the follo | 2026-03-11 |
| CVE | CVE-2026-3784 | curl would wrongly reuse an existing HTTP proxy connection doing CONNE ... | 2026-03-11 |
| CVE | CVE-2026-3783 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ... | 2026-03-11 |
| CVE | CVE-2026-1965 | libcurl can in some circumstances reuse the wrong connection when aske ... | 2026-03-11 |
| CVE | CVE-2026-3805 | When doing a second SMB request to the same host again, curl would wro ... | 2026-03-11 |
| CVE | CVE-2026-3784 | curl would wrongly reuse an existing HTTP proxy connection doing CONNE ... | 2026-03-11 |
| CVE | CVE-2026-3783 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ... | 2026-03-11 |
| CVE | CVE-2026-1965 | libcurl can in some circumstances reuse the wrong connection when aske ... | 2026-03-11 |
| CVE | CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the follo | 2026-03-11 |
| CVE | CVE-2025-0167 | When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the follo | 2026-03-11 |
| CVE | CVE-2025-15224 | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate usi | 2026-02-25 |
| CVE | CVE-2025-15079 | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts | 2026-02-25 |
| CVE | CVE-2025-14524 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, | 2026-02-25 |
| CVE | CVE-2025-14017 | When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally a | 2026-02-25 |
| CVE | CVE-2025-15224 | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate usi | 2026-02-25 |
| CVE | CVE-2025-15079 | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts | 2026-02-25 |
About
-
Send Feedback to @ubuntu_updates
