CLSA-2026-1772443907

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1772443907

Upstream

CVE-2025-14524

Published

2026-03-02T09:31:51Z

Modified

2026-06-04T09:45:16.899538198Z

Summary

Fix CVE(s): CVE-2025-14524

Details

SECURITY UPDATE: bearer token leakage to IMAP/LDAP/POP3/SMTP hosts via cross-protocol redirects
- debian/patches/CVE-2025-14524.patch: Require permission when redirected for bearer use and prevent sending bearer token to other hosts; fix unconditional reuse of oauth bearer during redirects.
- CVE-2025-14524

References

https://errata.tuxcare.com/els_os/debian10els/CLSA-2026-1772443907.html

Affected packages

TuxCare:Debian:10

curl

Package

Name: curl
Purl: pkg:deb/tuxcare/curl?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl3-gnutls

Package

Name: libcurl3-gnutls
Purl: pkg:deb/tuxcare/libcurl3-gnutls?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl3-nss

Package

Name: libcurl3-nss
Purl: pkg:deb/tuxcare/libcurl3-nss?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl4

Package

Name: libcurl4
Purl: pkg:deb/tuxcare/libcurl4?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl4-doc

Package

Name: libcurl4-doc
Purl: pkg:deb/tuxcare/libcurl4-doc?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl4-gnutls-dev

Package

Name: libcurl4-gnutls-dev
Purl: pkg:deb/tuxcare/libcurl4-gnutls-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl4-nss-dev

Package

Name: libcurl4-nss-dev
Purl: pkg:deb/tuxcare/libcurl4-nss-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"

libcurl4-openssl-dev

Package

Name: libcurl4-openssl-dev
Purl: pkg:deb/tuxcare/libcurl4-openssl-dev?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.64.0-4+deb10u9+tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1772443907.json"