Security update for curl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20347-1 Final 1 1 2026-02-12T14:05:28Z current 2026-02-12T14:05:28Z 2026-02-12T14:05:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for curl This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-569 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620347-1/ Link for SUSE-SU-2026:20347-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024282.html E-Mail link for SUSE-SU-2026:20347-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256105 SUSE Bug 1256105 https://www.suse.com/security/cve/CVE-2025-14017/ SUSE CVE CVE-2025-14017 page SUSE Linux Micro 6.0 curl-8.14.1-4.1 libcurl4-8.14.1-4.1 curl-8.14.1-4.1 as a component of SUSE Linux Micro 6.0 libcurl4-8.14.1-4.1 as a component of SUSE Linux Micro 6.0 When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. CVE-2025-14017 SUSE Linux Micro 6.0:curl-8.14.1-4.1 SUSE Linux Micro 6.0:libcurl4-8.14.1-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620347-1/ https://www.suse.com/security/cve/CVE-2025-14017.html CVE-2025-14017 https://bugzilla.suse.com/1256105 SUSE Bug 1256105