CLSA-2026-1773316266

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1773316266
Upstream
Published
2026-03-12T11:51:10Z
Modified
2026-06-04T09:47:31.472433566Z
Summary
Fix CVE(s): CVE-2025-14524, CVE-2025-15079, CVE-2025-15224
Details
  • SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect
    • debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allowauthtootherhosts is set
    • CVE-2025-14524
  • SECURITY UPDATE: libssh global knownhosts override
    • debian/patches/CVE-2025-15079-CVE-2025-15224.patch: set SSHOPTIONSGLOBALKNOWNHOSTS to same path as SSHOPTIONSKNOWNHOSTS
    • CVE-2025-15079
  • SECURITY UPDATE: libssh key passphrase bypass without agent set
    • debian/patches/CVE-2025-15079-CVE-2025-15224.patch: require private key or CURLSSHAUTHAGENT for public key auth
    • CVE-2025-15224
References

Affected packages

TuxCare:Ubuntu:20.04
curl

Package

Name
curl
Purl
pkg:deb/tuxcare/curl?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl3-gnutls

Package

Name
libcurl3-gnutls
Purl
pkg:deb/tuxcare/libcurl3-gnutls?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl3-nss

Package

Name
libcurl3-nss
Purl
pkg:deb/tuxcare/libcurl3-nss?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl4

Package

Name
libcurl4
Purl
pkg:deb/tuxcare/libcurl4?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl4-doc

Package

Name
libcurl4-doc
Purl
pkg:deb/tuxcare/libcurl4-doc?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl4-gnutls-dev

Package

Name
libcurl4-gnutls-dev
Purl
pkg:deb/tuxcare/libcurl4-gnutls-dev?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl4-nss-dev

Package

Name
libcurl4-nss-dev
Purl
pkg:deb/tuxcare/libcurl4-nss-dev?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"
libcurl4-openssl-dev

Package

Name
libcurl4-openssl-dev
Purl
pkg:deb/tuxcare/libcurl4-openssl-dev?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.68.0-1ubuntu2.25+tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1773316266.json"