Updated curl packages fix security vulnerabilities
Publication date: 10 Jan 2026Modification date: 10 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13034 , CVE-2025-14017 , CVE-2025-14524 , CVE-2025-14819 , CVE-2025-15079 , CVE-2025-15224
Description
curl is susceptible to a number of low severity security
vulnerabilities:
CVE-2025-14524: bearer token leak on cross-protocol redirect
CVE-2025-14819: OpenSSL partial chain store policy bypass
CVE-2025-15079: libssh knownhosts file vulnerability
CVE-2025-15224: libssh key passphrase bypass vulnerability
This release fixes these issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=34944
- https://curl.se/docs/vuln-7.88.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
SRPMS
9/core
- curl-7.88.1-4.9.mga9