MGASA-2023-0345 Updated curl packages fix security vulnerabilities

The updated Curl Mageia 8 and 9 packages contain a patch to fix CVE-2023-46218 The Mageia 9 packages als contain a patch to fix CVE-2023-46219. Curl in Mageia 8 does not need that patch because it is not affected by that issue...

MGASA-2022-0483 Updated curl packages fix security vulnerability

Another HSTS bypass via IDN. CVE-2022-43551 HTTP Proxy deny use-after-free. CVE-2022-43552...

MGASA-2021-0438 Updated curl packages fix security vulnerability

UAF and double-free in MQTT sending. CVE-2021-22945 Protocol downgrade required TLS bypassed. CVE-2021-22946 STARTTLS protocol injection via MITM. CVE-2021-22947...

MGASA-2015-0179 Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user CVE-2015-3143. When parsing HTTP cookies, if the parsed...

MGASA-2014-0444 Updated curl packages fix CVE-2014-3707

Updated curl packages fix security vulnerability: Symeon Paraschoudis discovered that the curleasyduphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation. This bug requires...