Updated curl packages fix security vulnerabilityPublication date: 05 Jul 2020
Affected Mageia releases : 7
CVE: CVE-2020-8169 , CVE-2020-8177
Updated curl packages fix security vulnerabilities: libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s) (CVE-2020-8169). curl can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--include) in the same command line (CVE-2020-8177). The curl package has been updated to version 7.71.0, fixing these issues and other bugs.