Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0077-1 Final 1 1 2026-01-08T19:04:00Z current 2026-01-08T19:04:00Z 2026-01-08T19:04:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP6-SAP-Azure-LI-BYOS-2026-77,Image SLES15-SP6-SAP-Azure-LI-BYOS-Production-2026-77,Image SLES15-SP6-SAP-Azure-VLI-BYOS-2026-77,Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production-2026-77,SUSE-2026-77,openSUSE-SLE-15.6-2026-77 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260077-1/ Link for SUSE-SU-2026:0077-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023712.html E-Mail link for SUSE-SU-2026:0077-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256105 SUSE Bug 1256105 https://www.suse.com/security/cve/CVE-2025-14017/ SUSE CVE CVE-2025-14017 page Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production openSUSE Leap 15.6 curl-8.14.1-150600.4.37.1 libcurl4-8.14.1-150600.4.37.1 curl-fish-completion-8.14.1-150600.4.37.1 curl-zsh-completion-8.14.1-150600.4.37.1 libcurl-devel-8.14.1-150600.4.37.1 libcurl-devel-32bit-8.14.1-150600.4.37.1 libcurl-devel-64bit-8.14.1-150600.4.37.1 libcurl-devel-doc-8.14.1-150600.4.37.1 libcurl-mini4-8.14.1-150600.4.37.1 libcurl4-32bit-8.14.1-150600.4.37.1 libcurl4-64bit-8.14.1-150600.4.37.1 curl-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS libcurl4-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS curl-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS-Production libcurl4-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-LI-BYOS-Production curl-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS libcurl4-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS curl-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production libcurl4-8.14.1-150600.4.37.1 as a component of Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production curl-8.14.1-150600.4.37.1 as a component of openSUSE Leap 15.6 libcurl-devel-8.14.1-150600.4.37.1 as a component of openSUSE Leap 15.6 libcurl-devel-32bit-8.14.1-150600.4.37.1 as a component of openSUSE Leap 15.6 libcurl4-8.14.1-150600.4.37.1 as a component of openSUSE Leap 15.6 libcurl4-32bit-8.14.1-150600.4.37.1 as a component of openSUSE Leap 15.6 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. CVE-2025-14017 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:curl-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-LI-BYOS-Production:libcurl4-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:curl-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-LI-BYOS:libcurl4-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:curl-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production:libcurl4-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:curl-8.14.1-150600.4.37.1 Image SLES15-SP6-SAP-Azure-VLI-BYOS:libcurl4-8.14.1-150600.4.37.1 openSUSE Leap 15.6:curl-8.14.1-150600.4.37.1 openSUSE Leap 15.6:libcurl-devel-32bit-8.14.1-150600.4.37.1 openSUSE Leap 15.6:libcurl-devel-8.14.1-150600.4.37.1 openSUSE Leap 15.6:libcurl4-32bit-8.14.1-150600.4.37.1 openSUSE Leap 15.6:libcurl4-8.14.1-150600.4.37.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260077-1/ https://www.suse.com/security/cve/CVE-2025-14017.html CVE-2025-14017 https://bugzilla.suse.com/1256105 SUSE Bug 1256105