Lector de Feeds
MGASA-2025-0164 - Updated glibc packages fix security vulnerability
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References
- https://bugs.mageia.org/show_bug.cgi?id=34286
- https://www.openwall.com/lists/oss-security/2025/05/16/7
- https://www.openwall.com/lists/oss-security/2025/05/17/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802
- glibc-2.36-56.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0163 - Updated iputils packages fix security vulnerability
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47268 Description ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (CVE-2025-47268 References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47268 Description ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (CVE-2025-47268 References
- https://bugs.mageia.org/show_bug.cgi?id=34297
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHFUD3TRXO7AHOVSFWLKP2MKB77PEQBK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47268
- iputils-20221126-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0162 - Updated zsync packages fix security vulnerabilities
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4638 Description Improper Pointer Arithmetic in pcl. (CVE-2025-4638) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4638 Description Improper Pointer Arithmetic in pcl. (CVE-2025-4638) References
- https://bugs.mageia.org/show_bug.cgi?id=34301
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4638
- zsync-0.6.2-11.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0161 - Updated nodejs packages fix security vulnerabilities
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167 Description Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string. (CVE-2025-23165) Improper error handling in async cryptographic operations crashes process. (CVE-2025-23166) Improper HTTP header block termination in llhttp. (CVE-2025-23167) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167 Description Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string. (CVE-2025-23165) Improper error handling in async cryptographic operations crashes process. (CVE-2025-23166) Improper HTTP header block termination in llhttp. (CVE-2025-23167) References
- https://bugs.mageia.org/show_bug.cgi?id=34278
- https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23165
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23166
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23167
- nodejs-22.16.0-1.mga9
Categorías: Actualizaciones de Seguridad
