ALSA-2026:1825

[ALSA-2026:1825] Moderate: curl security update

Type:

security

Severity:

moderate

Release date:

2026-02-05

Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.  

Security Fix(es):  

  * curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libcurl-minimal-8.12.1-2.el10_1.2.aarch64.rpm	980ff9711cb365bf5fb6bab86dd89af039a383f8ad6d884966c029bd7d7b50ff
aarch64	libcurl-8.12.1-2.el10_1.2.aarch64.rpm	ca383caba7290c8170423e7f26813dea2ee8b2f82cc15e1d7a71ca8b9dcf4bc6
aarch64	curl-8.12.1-2.el10_1.2.aarch64.rpm	d8e04377679518295a2026abe951818ec7df37dc7309edb0983faee1bee9d911
aarch64	libcurl-devel-8.12.1-2.el10_1.2.aarch64.rpm	dff0ad82628380a9f089693963f39ae03214eb69d3e7a1defc9f010e8d8ab121
ppc64le	curl-8.12.1-2.el10_1.2.ppc64le.rpm	0d55860d1a79e21e12a8d59a9d9f0a34fa725e3898a171d37566941067decefa
ppc64le	libcurl-devel-8.12.1-2.el10_1.2.ppc64le.rpm	3e613b64c4eaa0e44fcbf995e307a9beceaf4092ad910825cf83a6f7f086cdad
ppc64le	libcurl-minimal-8.12.1-2.el10_1.2.ppc64le.rpm	d5f342371b371189cbbb3fa90f857f0d3ab2df56e899aba71b254d6df51d2a98
ppc64le	libcurl-8.12.1-2.el10_1.2.ppc64le.rpm	ddb6ca69b50048b87c3ae2d30b4c33f52fba1f9f8a4c8c92cdfd2d62f12257f2
s390x	curl-8.12.1-2.el10_1.2.s390x.rpm	4b3607defed84da5d2d52c80fe4e0fbd7f397a0e2f53479dc67c3c251987b72f
s390x	libcurl-8.12.1-2.el10_1.2.s390x.rpm	5114a7401a8e245e9a4b41ea50321bd20747bfa586fcf90284a869fd30957b2c
s390x	libcurl-minimal-8.12.1-2.el10_1.2.s390x.rpm	bea38a430128791bab6efd4aca41f8170ce77168296b80def25f5a708d7b1616
s390x	libcurl-devel-8.12.1-2.el10_1.2.s390x.rpm	f54ebab41c50772c3da69499a8606f23c3f2a9dfacd8847f9f997a5fd0cffe6e
x86_64	libcurl-devel-8.12.1-2.el10_1.2.x86_64.rpm	445c739c1f656c305aa6ae786cea4a84c31a2c7be2681d8720ceab7399e98983
x86_64	curl-8.12.1-2.el10_1.2.x86_64.rpm	9ef622b828bf9aa879a35394c89ad23e70af4028ab30669cd711753ff2276fe8
x86_64	libcurl-minimal-8.12.1-2.el10_1.2.x86_64.rpm	bb49cae8f17fcf8e585068a84c9aed5d6254eee3fab1954c5962686a63026fbf
x86_64	libcurl-8.12.1-2.el10_1.2.x86_64.rpm	f16b39bda24969741a754f5127ffbb877c16664cd24a120f200c1402e5fb038e
x86_64_v2	curl-8.12.1-2.el10_1.2.x86_64_v2.rpm	57d6e6c346937ecf12b03b11125c3ecb137f2f6b32b2151fbb6fd3600cffc844
x86_64_v2	libcurl-minimal-8.12.1-2.el10_1.2.x86_64_v2.rpm	aa783e14bee053230b09c9a1a41c0dcf4d00110acc61cbf8586cb895d39a3feb
x86_64_v2	libcurl-8.12.1-2.el10_1.2.x86_64_v2.rpm	dafd5064fc08becb4cfb580f7791891ad24edc494d9742039188687fad21bbc3
x86_64_v2	libcurl-devel-8.12.1-2.el10_1.2.x86_64_v2.rpm	e5eb96e1467e1a3eaf964edac1351028f70324ef2046d47154c898b81e6cb674

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.