Updated curl packages fix security vulnerabilities
Publication date: 03 Apr 2025Modification date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0167 , CVE-2025-0665 , CVE-2025-0725
Description
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004.
References
- https://bugs.mageia.org/show_bug.cgi?id=33992
- https://bugs.mageia.org/show_bug.cgi?id=33893
- https://curl.se/docs/CVE-2025-0167.html
- https://advisories.mageia.org/MGAA-2025-0004.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0167
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0665
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725
SRPMS
9/core
- curl-7.88.1-4.6.mga9