Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2025:03267-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2025:03267-1

UNKNOWN

Security update for curl

Published Sep 18, 2025

Modified 3 months ago

Fix available

Details

This update for curl fixes the following issues:

Security issues fixed:

CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).

Other issues fixed:

Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
- tool_getparam: fix --ftp-pasv [5f805ee]
Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
- TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
- websocket: add option to disable auto-pong reply.
- huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.

Affected Packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Installer Updates 15 SP4curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Installer Updates 15 SP4libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Installer Updates 15 SP5curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Installer Updates 15 SP5libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.3curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.3libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.4curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.4libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.5curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Micro 5.5libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP4-LTSScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP5-LTSScurl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP5-LTSSlibcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP5-LTSSlibcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server 15 SP5-LTSSlibcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Proxy LTS 4.3curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Proxy LTS 4.3libcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Proxy LTS 4.3libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Proxy LTS 4.3libcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Server LTS 4.3curl

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Server LTS 4.3libcurl-devel

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Server LTS 4.3libcurl4

Fixed in:

8.14.1-150400.5.69.1

SUSE:Manager Server LTS 4.3libcurl4-32bit

Fixed in:

8.14.1-150400.5.69.1

References

REPORThttps://bugzilla.suse.com/1246197 REPORThttps://bugzilla.suse.com/1249191 REPORThttps://bugzilla.suse.com/1249348 REPORThttps://bugzilla.suse.com/1249367 WEBhttps://www.suse.com/security/cve/CVE-2025-10148 WEBhttps://www.suse.com/security/cve/CVE-2025-9086 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-202503267-1/

Upstream

CVE-2025-10148 CVE-2025-9086

Related

CVE-2025-10148 CVE-2025-9086

Ecosystems

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Installer Updates 15 SP4 SUSE Linux Enterprise Installer Updates 15 SP5 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy LTS 4.3 SUSE Manager Server LTS 4.3

Timeline

PublishedSep 18, 2025

ModifiedSep 18, 2025