Advisories ยป MGASA-2025-0123

Updated curl packages fix security vulnerabilities

Publication date: 03 Apr 2025
Modification date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0167 , CVE-2025-0665 , CVE-2025-0725

Description

When asked to use a .netrc file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances. The fix was included
previously as part of MGAA-2025-0004.
                

References

SRPMS

9/core