MGASA-2026-0003

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0003.html

Import Source

https://advisories.mageia.org/MGASA-2026-0003.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0003

Related

Published

2026-01-10T05:07:52Z

Modified

2026-02-04T04:22:36.139887Z

Summary

Updated curl packages fix security vulnerabilities

Details

curl is susceptible to a number of low severity security vulnerabilities: CVE-2025-14524: bearer token leak on cross-protocol redirect CVE-2025-14819: OpenSSL partial chain store policy bypass CVE-2025-15079: libssh knownhosts file vulnerability CVE-2025-15224: libssh key passphrase bypass vulnerability This release fixes these issues.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / curl

Package

Name: curl
Purl: pkg:rpm/mageia/curl?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.88.1-4.9.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0003.json"