Fedora Account System
Red Hat Associate
Red Hat Customer
CVE-2025-9086: curl: Out of bounds read for cookie path [fedora-43] curl 8.15.0-5.fc43 is affected by CVE-2025-9086. Affected versions: curl 8.13.0 – 8.15.0 Fixed in: curl 8.16.0 Upstream fix: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 p.s I didn't see a fix for this vulnerability in the package update history. https://bodhi.fedoraproject.org/updates/?packages=curl&release=F43 ref https://curl.se/docs/CVE-2025-9086.html Reproducible: Always
FEDORA-2026-d0bcb866d0 (curl-8.15.0-7.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-d0bcb866d0
FEDORA-2026-d0bcb866d0 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-d0bcb866d0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-d0bcb866d0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2026-d0bcb866d0 (curl-8.15.0-7.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.