CLSA-2026-1774260216

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1774260216
Upstream
Published
2026-03-23T10:03:44Z
Modified
2026-06-04T09:45:23.240856829Z
Summary
Fix CVE(s): CVE-2026-1965, CVE-2026-3783, CVE-2026-3784
Details
  • SECURITY UPDATE: reuse of connections using HTTP Negotiate
    • debian/patches/CVE-2026-1965.patch: fix reuse of connections using HTTP Negotiate and fix copy and paste urlmatchauth_nego mistake.
    • CVE-2026-1965
  • Bearer token sent without checking auth is allowed
    • debian/patches/CVE-2026-3783.patch: only send bearer if auth is allowed.
    • CVE-2026-3783
  • Proxy credential reuse across different credentials
    • debian/patches/CVE-2026-3784.patch: compare proxy credentials in proxyinfomatches to prevent connection reuse with wrong auth.
    • CVE-2026-3784
References

Affected packages

TuxCare:Debian:10
curl

Package

Name
curl
Purl
pkg:deb/tuxcare/curl?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl3-gnutls

Package

Name
libcurl3-gnutls
Purl
pkg:deb/tuxcare/libcurl3-gnutls?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl3-nss

Package

Name
libcurl3-nss
Purl
pkg:deb/tuxcare/libcurl3-nss?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl4

Package

Name
libcurl4
Purl
pkg:deb/tuxcare/libcurl4?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl4-doc

Package

Name
libcurl4-doc
Purl
pkg:deb/tuxcare/libcurl4-doc?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl4-gnutls-dev

Package

Name
libcurl4-gnutls-dev
Purl
pkg:deb/tuxcare/libcurl4-gnutls-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl4-nss-dev

Package

Name
libcurl4-nss-dev
Purl
pkg:deb/tuxcare/libcurl4-nss-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"
libcurl4-openssl-dev

Package

Name
libcurl4-openssl-dev
Purl
pkg:deb/tuxcare/libcurl4-openssl-dev?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.64.0-4+deb10u9+tuxcare.els3

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774260216.json"