Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0078-1 Final 1 1 2026-01-09T07:07:10Z current 2026-01-09T07:07:10Z 2026-01-09T07:07:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2026-78,Container suse/sle-micro/5.2/toolbox:latest-2026-78,SUSE-2026-78,SUSE-SUSE-MicroOS-5.2-2026-78 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260078-1/ Link for SUSE-SU-2026:0078-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023713.html E-Mail link for SUSE-SU-2026:0078-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256105 SUSE Bug 1256105 https://www.suse.com/security/cve/CVE-2025-14017/ SUSE CVE CVE-2025-14017 page Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:latest SUSE Linux Enterprise Micro 5.2 curl-8.14.1-150200.4.100.1 libcurl4-8.14.1-150200.4.100.1 curl-fish-completion-8.14.1-150200.4.100.1 curl-zsh-completion-8.14.1-150200.4.100.1 libcurl-devel-8.14.1-150200.4.100.1 libcurl-devel-32bit-8.14.1-150200.4.100.1 libcurl-devel-64bit-8.14.1-150200.4.100.1 libcurl-devel-doc-8.14.1-150200.4.100.1 libcurl-mini4-8.14.1-150200.4.100.1 libcurl4-32bit-8.14.1-150200.4.100.1 libcurl4-64bit-8.14.1-150200.4.100.1 curl-8.14.1-150200.4.100.1 as a component of Container suse/sle-micro-rancher/5.2:latest libcurl4-8.14.1-150200.4.100.1 as a component of Container suse/sle-micro-rancher/5.2:latest curl-8.14.1-150200.4.100.1 as a component of Container suse/sle-micro/5.2/toolbox:latest libcurl4-8.14.1-150200.4.100.1 as a component of Container suse/sle-micro/5.2/toolbox:latest curl-8.14.1-150200.4.100.1 as a component of SUSE Linux Enterprise Micro 5.2 libcurl4-8.14.1-150200.4.100.1 as a component of SUSE Linux Enterprise Micro 5.2 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. CVE-2025-14017 Container suse/sle-micro-rancher/5.2:latest:curl-8.14.1-150200.4.100.1 Container suse/sle-micro-rancher/5.2:latest:libcurl4-8.14.1-150200.4.100.1 Container suse/sle-micro/5.2/toolbox:latest:curl-8.14.1-150200.4.100.1 Container suse/sle-micro/5.2/toolbox:latest:libcurl4-8.14.1-150200.4.100.1 SUSE Linux Enterprise Micro 5.2:curl-8.14.1-150200.4.100.1 SUSE Linux Enterprise Micro 5.2:libcurl4-8.14.1-150200.4.100.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260078-1/ https://www.suse.com/security/cve/CVE-2025-14017.html CVE-2025-14017 https://bugzilla.suse.com/1256105 SUSE Bug 1256105