{"id":"MGASA-2026-0003","summary":"Updated curl packages fix security vulnerabilities","details":"curl is susceptible to a number of low severity security\nvulnerabilities:\nCVE-2025-14524: bearer token leak on cross-protocol redirect\nCVE-2025-14819: OpenSSL partial chain store policy bypass\nCVE-2025-15079: libssh knownhosts file vulnerability\nCVE-2025-15224: libssh key passphrase bypass vulnerability\nThis release fixes these issues.\n","modified":"2026-01-30T01:51:55.663499Z","published":"2026-01-10T05:07:52Z","related":["CVE-2025-13034","CVE-2025-14017","CVE-2025-14524","CVE-2025-14819","CVE-2025-15079","CVE-2025-15224"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0003.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34944"},{"type":"REPORT","url":"https://curl.se/docs/vuln-7.88.1.html"}],"affected":[{"package":{"name":"curl","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/curl?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.88.1-4.9.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0003.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}