SUSE-SU-2026:1940-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20261940-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1940-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:1940-1
Upstream
  • CVE-2026-4873
  • CVE-2026-5545
  • CVE-2026-6253
  • CVE-2026-6276
  • CVE-2026-6429
Related
  • CVE-2026-1965
  • CVE-2026-4873
  • CVE-2026-5545
  • CVE-2026-6253
  • CVE-2026-6276
  • CVE-2026-6429
Published
2026-05-18T07:44:20Z
Modified
2026-05-19T08:45:08.261772469Z
Summary
Security update for curl
Details

This update for curl fixes the following issues:

Security issues fixed:

  • CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
  • CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
  • CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
  • CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
  • CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Other updates and bugfixes:

  • sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
References

Affected packages