Release date:
2026-05-18 18:53:06 UTC
Description:
- CVE-2026-6276: when a libcurl easy handle is reused, a stale custom
Host: cookiehost survives into the next request and leaks cookies
meant for the spoofed host to the real peer; Curl_http_host() now
Curl_safefree()s aptr->cookiehost on every entry under the existing
!CURL_DISABLE_COOKIES guard
Updated packages:
-
curl-8.3.0-1.amzn2.0.12.tuxcare.els2.x86_64.rpm
sha:4513d751c7c1ac4d0a8b04a5b06bbc21c123dcd6413d4a51cad67a5a4f8fb042
-
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els2.i686.rpm
sha:264678e928ccb3f3ef54aa127d79425e8daf57f4854d629afff13f6f0e48f227
-
libcurl-8.3.0-1.amzn2.0.12.tuxcare.els2.x86_64.rpm
sha:fc51dfdac6328372a42729f25fcacc61306303355d8990a31cf69d3a21f29d7e
-
libcurl-devel-8.3.0-1.amzn2.0.12.tuxcare.els2.x86_64.rpm
sha:0003ded0a7142f3447b42dadc1f2eeecef405d631b99580df916b672857348d7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
