Mageia Security

Mageia Advisories

URL: https://advisories.mageia.org

Updated: hace 20 horas 5 minutos

MGASA-2025-0247 - Updated thunderbird packgaes fix security vulnerabilities

23 Octubre, 2025 - 20:37

Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References

SRPMS 9/core

thunderbird-140.4.0-1.2.mga9
thunderbird-l10n-140.4.0-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0246 - Updated firefox, nss & rootcerts fix security vulnerabilities

23 Octubre, 2025 - 20:37

Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References

SRPMS 9/core

nss-3.117.0-1.mga9
rootcerts-20251003.00-1.mga9
firefox-140.4.0-1.2.mga9
firefox-l10n-140.4.0-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0245 - Updated nginx package fixes security vulnerability

22 Octubre, 2025 - 21:07

Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53859 Description It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server (CVE-2025-53859). References

SRPMS 9/core

nginx-1.26.3-1.1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0244 - Updated openssl packages fix a security vulnerability

22 Octubre, 2025 - 21:07

Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9230 Description Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) References

SRPMS 9/core

openssl-3.0.18-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0243 - Updated python-django packages fix a security vulnerability

22 Octubre, 2025 - 21:07

Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59681 , CVE-2025-59682 Description An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). (CVE-2025-59681) An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. (CVE-2025-59682) References

SRPMS 9/core

python-django-4.1.13-1.7.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0242 - Updated haproxy packages fix security vulnerability & bugs

22 Octubre, 2025 - 21:07

Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11230 Description Haproxy has a critical, a major, few medium and few minor bugs fixed in the last upstream version 2.8.16 of branch 2.8. Fixed critical bug list: - mjson: fix possible DoS when parsing numbers Fixed major bug list: - listeners: transfer connection accounting when switching listeners Fixed medium bugs list: - check: Requeue healthchecks on I/O events to handle check timeout - check: Set SOCKERR by default when a connection error is reported - checks: fix ALPN inheritance from server - dns: Reset reconnect tempo when connection is finally established - fd: Use the provided tgid in fd_insert() to get tgroup_info - h1: Allow reception if we have early data - h1/h2/h3: reject forbidden chars in the Host header field - h2/h3: reject some forbidden chars in :authority before reassembly - hlua: Add function to change the body length of an HTTP Message - hlua: Forbid any L6/L7 sample fetche functions from lua services - hlua: Report to SC when data were consumed on a lua socket - hlua: Report to SC when output data are blocked on a lua socket - http-client: Ask for more room when request data cannot be xferred - http-client: Don't wake http-client applet if nothing was xferred - http-client: Drain the request if an early response is received - http-client: Notify applet has more data to deliver until the EOM - http-client: Properly inc input data when HTX blocks are xferred - http-client: Test HTX_FL_EOM flag before commiting the HTX buffer - httpclient: Throw an error if an lua httpclient instance is reused - mux-h2: Properly handle connection error during preface sending - server: Duplicate healthcheck's alpn inherited from default server - ssl: ca-file directory mode must read every certificates of a file - ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers - ssl: create the mux immediately on early data - ssl: Fix 0rtt to the server - ssl: fix build with AWS-LC - threads: Disable the workaround to load libgcc_s on macOS References

SRPMS 9/core

haproxy-2.8.16-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0241 - Updated quictls packages with two security issues and bug fixes

20 Octubre, 2025 - 20:51

Publication date: 20 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9230 , CVE-2025-9232 Description Two security issues and miscellaneous minor bug fixes. Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232) References

SRPMS 9/core

quictls-3.0.18-1.mga9

Categorías: Actualizaciones de Seguridad

MGAA-2025-0086 - Updated rust packages fix bug

20 Octubre, 2025 - 20:51

Publication date: 20 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description The current version of rust in mga9 is not new enough to keep building Mozilla's applications. This update fixes the reported issue. References

https://bugs.mageia.org/show_bug.cgi?id=34500

SRPMS 9/core

rust-1.82.0-1.mga9

Categorías: Actualizaciones de Seguridad

MGAA-2025-0085 - Updated phpmyadmin packages fix bug

20 Octubre, 2025 - 20:51

Publication date: 20 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed "Delete" button not asking for confirmation when deleting a row. Fix error 500 when simulating a SET statement. Fixed PHP 8.4 deprecations in thecodingmachine/safe. References

SRPMS 9/core

phpmyadmin-5.2.3-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0240 - Updated expat packages fix security vulnerabilities

18 Octubre, 2025 - 17:49

Publication date: 18 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8176 , CVE-2025-59375 Description Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176) This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete. Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. (CVE-2025-59375) References

SRPMS 9/core

expat-2.7.3-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0239 - Updated varnish & lighttpd packages fix security vulnerability

17 Octubre, 2025 - 02:40

Publication date: 17 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8671 Description It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the server to consume unnecessary resources processing requests for which the response will not be delivered (CVE-2025-8671). References

SRPMS 9/core

varnish-7.7.3-1.mga9
lighttpd-1.4.80-1.3.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0238 - Updated fetchmail package fixes security vulnerability

14 Octubre, 2025 - 18:45

Publication date: 14 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61962 Description It was discovered that fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This event will usually cause a crash of fetchmail (CVE-2025-61962). References

SRPMS 9/core

fetchmail-6.5.6-1.mga9

Categorías: Actualizaciones de Seguridad

MGAA-2025-0084 - Updated viking package fix bug

14 Octubre, 2025 - 18:45

Publication date: 14 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description Viking no longer downloads Open Street Maps map tiles. This update fixes the reported issue. References

SRPMS 9/core

viking-1.10-2.1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0237 - Updated open-vm-tools package fixes security vulnerability

11 Octubre, 2025 - 07:18

Publication date: 11 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-41244 Description It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM (CVE-2025-41244). References

SRPMS 9/core

open-vm-tools-12.3.5-2.2.mga9

Categorías: Actualizaciones de Seguridad

MGAA-2025-0083 - Updated qarte package fixes bug

11 Octubre, 2025 - 07:18

Publication date: 11 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description When Qarte is started, the Arte TV window is blank. This update fixes the reported issue. References

SRPMS 9/core

qarte-5.13.0-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0236 - Updated microcode packages fix security vulnerabilities

10 Octubre, 2025 - 04:12

Publication date: 10 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-20109 , CVE-2025-22840 , CVE-2025-22839 , CVE-2025-20053 , CVE-2025-24305 , CVE-2025-21090 , CVE-2025-26403 , CVE-2025-32086 Description The updated package updates AMD cpu microcode for processor family 19h, adds AMD cpu microcode for processor family 1ah and fixes security vulnerabilities for Intel processors: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-20109) Sequence of processor instructions leads to unexpected behavior for some Intel® Xeon® 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2025-22840) Insufficient granularity of access control in the OOB-MSM for some Intel® Xeon® 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. (CVE-2025-22839) Improper handling of overlap between protected memory ranges for some Intel® Xeon® 6 processor with Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-22889) Improper buffer restrictions for some Intel® Xeon® Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-20053) Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel® Xeon® processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-24305) Missing reference to active allocated resource for some Intel® Xeon® processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-21090) Out-of-bounds write in the memory subsystem for some Intel® Xeon® 6 processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-26403) Improperly implemented security check for standard in the DDRIO configuration for some Intel® Xeon® 6 Processors when using Intel® SGX or Intel® TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2025-32086) References

SRPMS 9/nonfree

microcode-0.20250812-1.mga9.nonfree

Categorías: Actualizaciones de Seguridad

MGASA-2025-0235 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

10 Octubre, 2025 - 04:12

Publication date: 10 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-38501 , CVE-2025-38553 , CVE-2025-38555 , CVE-2025-38560 , CVE-2025-38561 , CVE-2025-38562 , CVE-2025-38563 , CVE-2025-38565 , CVE-2025-38566 , CVE-2025-38568 , CVE-2025-38569 , CVE-2025-38571 , CVE-2025-38572 , CVE-2025-38574 , CVE-2025-38576 , CVE-2025-38577 , CVE-2025-38578 , CVE-2025-38579 , CVE-2025-38581 , CVE-2025-38583 , CVE-2025-38587 , CVE-2025-38588 , CVE-2025-38590 , CVE-2025-38601 , CVE-2025-38602 , CVE-2025-38604 , CVE-2025-38608 , CVE-2025-38609 , CVE-2025-38610 , CVE-2025-38611 , CVE-2025-38612 , CVE-2025-38615 , CVE-2025-38617 , CVE-2025-38618 , CVE-2025-38622 , CVE-2025-38623 , CVE-2025-38624 , CVE-2025-38625 , CVE-2025-38626 , CVE-2025-38630 , CVE-2025-38632 , CVE-2025-38634 , CVE-2025-38635 , CVE-2025-38639 , CVE-2025-38640 , CVE-2025-38644 , CVE-2025-38645 , CVE-2025-38646 , CVE-2025-38648 , CVE-2025-38650 , CVE-2025-38652 , CVE-2025-38653 , CVE-2025-38656 , CVE-2025-38659 , CVE-2025-38677 , CVE-2025-38679 , CVE-2025-38680 , CVE-2025-38681 , CVE-2025-38683 , CVE-2025-38684 , CVE-2025-38685 , CVE-2025-38687 , CVE-2025-38688 , CVE-2025-38691 , CVE-2025-38692 , CVE-2025-38693 , CVE-2025-38694 , CVE-2025-38695 , CVE-2025-38696 , CVE-2025-38697 , CVE-2025-38698 , CVE-2025-38699 , CVE-2025-38700 , CVE-2025-38701 , CVE-2025-38702 , CVE-2025-38706 , CVE-2025-38707 , CVE-2025-38708 , CVE-2025-38709 , CVE-2025-38711 , CVE-2025-38712 , CVE-2025-38713 , CVE-2025-38714 , CVE-2025-38715 , CVE-2025-38716 , CVE-2025-38718 , CVE-2025-38721 , CVE-2025-38723 , CVE-2025-38724 , CVE-2025-38725 , CVE-2025-38727 , CVE-2025-38728 , CVE-2025-38729 , CVE-2025-38730 , CVE-2025-38732 , CVE-2025-38734 , CVE-2025-38735 , CVE-2025-39673 , CVE-2025-39675 , CVE-2025-39676 , CVE-2025-39679 , CVE-2025-39681 , CVE-2025-39682 , CVE-2025-39683 , CVE-2025-39684 , CVE-2025-39685 , CVE-2025-39686 , CVE-2025-39687 , CVE-2025-39689 , CVE-2025-39691 , CVE-2025-39692 , CVE-2025-39693 , CVE-2025-39694 , CVE-2025-39701 , CVE-2025-39702 , CVE-2025-39703 , CVE-2025-39706 , CVE-2025-39709 , CVE-2025-39710 , CVE-2025-39711 , CVE-2025-39713 , CVE-2025-39714 , CVE-2025-39715 , CVE-2025-39716 , CVE-2025-39718 , CVE-2025-39719 , CVE-2025-39720 , CVE-2025-39721 , CVE-2025-39724 , CVE-2025-39730 , CVE-2025-39731 , CVE-2025-39734 Description Upstream kernel version 6.6.105 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel. The newer meta-task and mageia-repos packages are required to simplify the correct installation of the kernel-stable-userspace-headers (for backport kernel-stable) and back to kernel-userspace-headers (for 6.6 kernels) packages see https://bugs.mageia.org/show_bug.cgi?id=34545. For information about the vulnerabilities see the links. References

SRPMS 9/core

kernel-6.6.105-1.mga9
kmod-virtualbox-7.1.10-10.mga9
kmod-xtables-addons-3.24-86.mga9
mageia-repos-9-4.mga9
meta-task-9-4.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0234 - Updated kernel-linus packages fix security vulnerabilities

9 Octubre, 2025 - 21:24

Publication date: 09 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-38501 , CVE-2025-38553 , CVE-2025-38555 , CVE-2025-38560 , CVE-2025-38561 , CVE-2025-38562 , CVE-2025-38563 , CVE-2025-38565 , CVE-2025-38566 , CVE-2025-38568 , CVE-2025-38569 , CVE-2025-38571 , CVE-2025-38572 , CVE-2025-38574 , CVE-2025-38576 , CVE-2025-38577 , CVE-2025-38578 , CVE-2025-38579 , CVE-2025-38581 , CVE-2025-38583 , CVE-2025-38587 , CVE-2025-38588 , CVE-2025-38590 , CVE-2025-38601 , CVE-2025-38602 , CVE-2025-38604 , CVE-2025-38608 , CVE-2025-38609 , CVE-2025-38610 , CVE-2025-38611 , CVE-2025-38612 , CVE-2025-38615 , CVE-2025-38617 , CVE-2025-38618 , CVE-2025-38622 , CVE-2025-38623 , CVE-2025-38624 , CVE-2025-38625 , CVE-2025-38626 , CVE-2025-38630 , CVE-2025-38632 , CVE-2025-38634 , CVE-2025-38635 , CVE-2025-38639 , CVE-2025-38640 , CVE-2025-38644 , CVE-2025-38645 , CVE-2025-38646 , CVE-2025-38648 , CVE-2025-38650 , CVE-2025-38652 , CVE-2025-38653 , CVE-2025-38656 , CVE-2025-38659 , CVE-2025-38677 , CVE-2025-38679 , CVE-2025-38680 , CVE-2025-38681 , CVE-2025-38683 , CVE-2025-38684 , CVE-2025-38685 , CVE-2025-38687 , CVE-2025-38688 , CVE-2025-38691 , CVE-2025-38692 , CVE-2025-38693 , CVE-2025-38694 , CVE-2025-38695 , CVE-2025-38696 , CVE-2025-38697 , CVE-2025-38698 , CVE-2025-38699 , CVE-2025-38700 , CVE-2025-38701 , CVE-2025-38702 , CVE-2025-38706 , CVE-2025-38707 , CVE-2025-38708 , CVE-2025-38709 , CVE-2025-38711 , CVE-2025-38712 , CVE-2025-38713 , CVE-2025-38714 , CVE-2025-38715 , CVE-2025-38716 , CVE-2025-38718 , CVE-2025-38721 , CVE-2025-38723 , CVE-2025-38724 , CVE-2025-38725 , CVE-2025-38727 , CVE-2025-38728 , CVE-2025-38729 , CVE-2025-38730 , CVE-2025-38732 , CVE-2025-38734 , CVE-2025-38735 , CVE-2025-39673 , CVE-2025-39675 , CVE-2025-39676 , CVE-2025-39679 , CVE-2025-39681 , CVE-2025-39682 , CVE-2025-39683 , CVE-2025-39684 , CVE-2025-39685 , CVE-2025-39686 , CVE-2025-39687 , CVE-2025-39689 , CVE-2025-39691 , CVE-2025-39692 , CVE-2025-39693 , CVE-2025-39694 , CVE-2025-39701 , CVE-2025-39702 , CVE-2025-39703 , CVE-2025-39706 , CVE-2025-39709 , CVE-2025-39710 , CVE-2025-39711 , CVE-2025-39713 , CVE-2025-39714 , CVE-2025-39715 , CVE-2025-39716 , CVE-2025-39718 , CVE-2025-39719 , CVE-2025-39720 , CVE-2025-39721 , CVE-2025-39724 , CVE-2025-39730 , CVE-2025-39731 , CVE-2025-39734 Description Vanilla upstream kernel version 6.6.105 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References

SRPMS 9/core

kernel-linus-6.6.105-1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0233 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

16 Septiembre, 2025 - 17:34

Publication date: 16 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30749 , CVE-2025-30754 , CVE-2025-30761 , CVE-2025-50059 , CVE-2025-50106 Description Better Glyph drawing. (CVE-2025-30749) Enhance TLS protocol support. (CVE-2025-30754) Improve scripting supports. (CVE-2025-30761) Improve HTTP client header handling. (CVE-2025-50059) Better Glyph drawing redux. (CVE-2025-50106) References

SRPMS 9/core

java-1.8.0-openjdk-1.8.0.462.b08-1.mga9
java-11-openjdk-11.0.28.0.6-1.mga9
java-17-openjdk-17.0.16.0.8-1.mga9
java-latest-openjdk-24.0.2.0.12-1.rolling.1.mga9

Categorías: Actualizaciones de Seguridad

MGASA-2025-0232 - Updated curl packages fix security vulnerability

11 Septiembre, 2025 - 18:02

Publication date: 11 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9086 Description curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially make allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers. References

SRPMS 9/core

curl-7.88.1-4.8.mga9

Categorías: Actualizaciones de Seguridad