All supported repos (r15101[468], bloody) now have updated cURL packages with a patch for the aforementioned CVE. Please update at your convenience. A reboot is not required, but some services may need to be restarted that don't have proper SMF restart dependencies in them. Dan