SB2026012375 - openEuler 20.03 LTS SP4 update for curl
Published: January 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Insufficiently protected credentials (CVE-ID: CVE-2025-14524)
The vulnerability allows an attacker to obtain bearer token,
The vulnerability exists due to an error when handling cross-protocol redirects. When an oauth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
2) Improper validation of certificate with host mismatch (CVE-ID: CVE-2025-15079)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists during SSH-based transfers due to the library mistakenly accepts connections to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file. A remote attacker can perform a MitM attack.
Note, the vulnerability affects libcurl builds that use libssh backend instead of libssh2.
3) Improper authentication (CVE-ID: CVE-2025-15224)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication. In such case the curl would wrongly still ask and authenticate using a locally running SSH agent.
Note, the vulnerability affects libcurl builds that use libssh backend instead of libssh2.
Remediation
Install update from vendor's website.