CLSA-2026-1779358008

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779358008
Upstream
  • CVE-2026-5773
Published
2026-05-21T10:06:53Z
Modified
2026-06-04T09:47:04.653917611Z
Summary
Fix CVE(s): CVE-2026-5773
Details
  • SECURITY UPDATE: libcurl may reuse the wrong connection for SMB(S) transfers, leading to access of an unintended SMB share with the same credentials.
    • debian/patches/CVE-2026-5773.patch: disable connection reuse for SMB(S) in lib/url.c by returning early from ConnectionExists() when the requested protocol is SMB or SMBS.
    • CVE-2026-5773
  • test46-bump-cookie-expiry.patch: bump the hard-coded cookie expiry timestamp in tests/data/test46 from 2025-02-10 to 2099-01-01 so the cookie-jar test no longer fails on systems whose wall clock has advanced past February 2025.
References

Affected packages

TuxCare:Ubuntu:16.04
curl

Package

Name
curl
Purl
pkg:deb/tuxcare/curl?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl3

Package

Name
libcurl3
Purl
pkg:deb/tuxcare/libcurl3?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl3-gnutls

Package

Name
libcurl3-gnutls
Purl
pkg:deb/tuxcare/libcurl3-gnutls?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl3-nss

Package

Name
libcurl3-nss
Purl
pkg:deb/tuxcare/libcurl3-nss?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl4-doc

Package

Name
libcurl4-doc
Purl
pkg:deb/tuxcare/libcurl4-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl4-gnutls-dev

Package

Name
libcurl4-gnutls-dev
Purl
pkg:deb/tuxcare/libcurl4-gnutls-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl4-nss-dev

Package

Name
libcurl4-nss-dev
Purl
pkg:deb/tuxcare/libcurl4-nss-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"
libcurl4-openssl-dev

Package

Name
libcurl4-openssl-dev
Purl
pkg:deb/tuxcare/libcurl4-openssl-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.47.0-1ubuntu2.23+tuxcare.els14

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779358008.json"