Advisories » MGASA-2025-0232

Updated curl packages fix security vulnerability

Publication date: 11 Sep 2025
Modification date: 11 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9086

Description

curl is susceptible to an out-of-bounds read in the cookie handler that
could either cause a crash or potentially make allow a clear-text site
to override the contents of a secure cookie. This release also fixes a
rare memory leak in HTTP trailers.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34623
• https://curl.se/docs/CVE-2025-9086.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086

SRPMS

9/core

• curl-7.88.1-4.8.mga9