Curl and LibSSH updates for Fedora

Fedora has recently announced two important security updates for its operating systems: one for curl in Fedora Linux 42 and another for libssh in the Fedora 43 beta version. The updates are aimed at addressing identified vulnerabilities to enhance system security.

The curl update pertains to version 8.11.1-6.fc42, which resolves two security issues:
- CVE-2025-9086: An out-of-bounds read vulnerability related to cookie paths.
- CVE-2025-10148: A predictable WebSocket mask vulnerability.

The update can be installed via the command line using the dnf package manager, ensuring that users can maintain a secure environment.

The libssh update, on the other hand, concerns version 0.11.3-1.fc43, which fixes two weaknesses:
- CVE-2025-8114: A NULL pointer dereference following an allocation failure.
- CVE-2025-8277: A memory leak issue related to ephemeral key pairs during repeated incorrect key exchange attempts.

Similar to the curl update, users can execute the update for libssh through the dnf command line.
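To confirm that a host already carries the fixed builds named in the curl and libssh paragraphs above, the following added example (not part of the Fedora advisories) compares the installed version-release against them. The function names are this example's own, and it assumes GNU `sort -V` orders these simple version strings the same way rpm does.

```sh
#!/bin/sh
# Added example: compare installed curl/libssh builds with the fixed builds
# named in the article. Function names are hypothetical, chosen for this sketch.

FIXED_CURL="8.11.1-6.fc42"     # Fedora 42 build from the article
FIXED_LIBSSH="0.11.3-1.fc43"   # Fedora 43 beta build from the article

# is_fixed INSTALLED FIXED: succeeds when INSTALLED is at or above FIXED.
# Assumption: GNU `sort -V` matches rpm ordering for these simple strings;
# rpm's own comparison remains authoritative.
is_fixed() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_pkg NAME FIXED [INSTALLED]: INSTALLED is read from the rpm database
# unless supplied. Returns 0 = fixed, 1 = needs update, 2 = not installed.
check_pkg() {
    installed="${3:-}"
    if [ -z "$installed" ]; then
        if ! rpm -q "$1" >/dev/null 2>&1; then
            echo "$1: not installed"
            return 2
        fi
        installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" | head -n 1)
    fi
    if is_fixed "$installed" "$2"; then
        echo "$1 $installed: fixed (>= $2)"
    else
        echo "$1 $installed: needs update to $2, run: sudo dnf upgrade $1"
        return 1
    fi
}

# Query the local rpm database only where rpm exists. The curl build applies
# to Fedora 42 hosts and the libssh build to Fedora 43 beta hosts.
if command -v rpm >/dev/null 2>&1; then
    check_pkg curl "$FIXED_CURL" || true
    check_pkg libssh "$FIXED_LIBSSH" || true
fi
```

Passing a third argument to `check_pkg` lets the same comparison run over version strings collected from other hosts, for example from an inventory export.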

Both updates underscore Fedora's commitment to security by ensuring software vulnerabilities are addressed promptly. Users are encouraged to perform these upgrades to protect their systems from potential exploits.

Extension
In addition to these updates, users should regularly check for other security patches and updates as part of their system maintenance routine. It's also beneficial for developers and system administrators to stay informed about emerging vulnerabilities and security best practices. Utilizing tools like Fedora's built-in security advisories and engaging with the Fedora community can further enhance awareness and preparedness against security threats.

Moreover, users should consider implementing additional layers of security, such as firewalls, intrusion detection systems, and regular backups, to complement the software updates. By adopting a proactive approach to security, Fedora users can better safeguard their systems and data integrity against evolving cyber threats.

Two security updates have been released for Fedora: one for curl version 8.11.1-6.fc42 in Fedora Linux 42 and another for libssh version 0.11.3-1.fc43 in Fedora Linux 43 beta. The curl update fixes two vulnerabilities, CVE-2025-9086 (out-of-bounds read) and CVE-2025-10148 (predictable WebSocket mask), while the libssh update addresses two security weaknesses, CVE-2025-8114 (NULL pointer dereference) and CVE-2025-8277 (memory leak).

Fedora 42 Update: curl-8.11.1-6.fc42
Fedora 43 Update: libssh-0.11.3-1.fc43