Feed Reader
MGASA-2025-0151 - Updated thunderbird packages fix security vulnerabilities
Publication date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093
Description:
Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083)
Unsafe attribute access during XPath parsing. (CVE-2025-4087)
Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091)
Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10. (CVE-2025-4093)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34233
- https://www.thunderbird.net/en-US/thunderbird/128.10.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
- thunderbird-128.10.0-1.mga9
- thunderbird-l10n-128.10.0-1.mga9
Categories: Security Updates
MGASA-2025-0150 - Updated firefox packages fix security vulnerabilities
Publication date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093
Description:
A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083.
A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially memory corruption, CVE-2025-4087.
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code, CVE-2025-4091.
Memory safety bug present in Firefox ESR 128.9 and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code, CVE-2025-4093.
References:
- https://bugs.mageia.org/show_bug.cgi?id=34232
- https://www.mozilla.org/en-US/firefox/128.10.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093
- firefox-128.10.0-1.mga9
- firefox-l10n-128.10.0-1.mga9
Categories: Security Updates
MGAA-2025-0045 - Updated yt-dlp packages fix bug
Publication date: 08 May 2025
Type: bugfix
Affected Mageia releases : 9
Description: Changes in YouTube's API make applications that use yt-dlp fail or even crash. This update fixes the issue.
References:
SRPMS 9/core:
- yt-dlp-2025.04.30-1.mga9
Categories: Security Updates
Vendored dependencies
See Also: Add Trustify
← Older revision Revision as of 09:12, 7 May 2025 Line 125: Line 125: * [https://vuln.go.dev/ Go Vulnerability Database] * [https://vuln.go.dev/ Go Vulnerability Database] * [https://guac.sh/ GUAC] SBOM management tool * [https://guac.sh/ GUAC] SBOM management tool +* [https://github.com/trustification/trustify Trustify] SBOM management tool * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM [[Category:Packaging]] [[Category:Packaging]] Danf
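Review bot: the added Trustify line repeats GUAC's description "SBOM management tool" word for word and, like the GUAC line, puts no separator between the link and its description, while the grype and Trivy entries after it use a comma ("grype], tool that can look up ..."). Consider adding the comma and a few words on what distinguishes Trustify from GUAC so readers can tell the two entries apart.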
Categories: Mageia Wiki
MGASA-2025-0149 - Updated pam packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10041
Description: libpam vulnerable to leaking hashed passwords. (CVE-2024-10041)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34219
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S3CBZDTRIQZKAUHHWFBJKJ7PYA7BPARL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10041
- pam-1.5.2-5.2.mga9
Categories: Security Updates
MGASA-2025-0148 - Updated graphicsmagick packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32460
Description: GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. (CVE-2025-32460)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34218
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6QYCKFE7IU3HOGGUF42EURRWALAXSG4Z/
- https://lists.debian.org/debian-security-announce/2025/msg00067.html
- https://lists.suse.com/pipermail/sle-updates/2025-April/039065.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32460
- graphicsmagick-1.3.40-1.2.mga9
- graphicsmagick-1.3.40-1.2.mga9.tainted
Categories: Security Updates
MGASA-2025-0147 - Updated apache-mod_auth_openidc packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31492
Description: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. (CVE-2025-31492)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34216
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4RNEMKHJH72IHWVOIEQAKSXHOSDXQN3A/
- https://lists.debian.org/debian-security-announce/2025/msg00066.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z7RSITAKS2ICGANCQP2TDUHMS2LZDXR/
- https://ubuntu.com/security/notices/USN-7446-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31492
- apache-mod_auth_openidc-2.4.13.2-1.2.mga9
Categories: Security Updates
MGASA-2025-0146 - Updated kernel-linus packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-53034, CVE-2025-21955, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969, CVE-2025-21970, CVE-2025-21971, CVE-2025-21975, CVE-2025-21978, CVE-2025-21979, CVE-2025-21980, CVE-2025-21981, CVE-2025-21986, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993, CVE-2025-21994, CVE-2025-21995, CVE-2025-21996, CVE-2025-21997, CVE-2025-21999, CVE-2025-22001, CVE-2025-22003, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008, CVE-2025-22009, CVE-2025-22010, CVE-2025-22013, CVE-2025-22014, CVE-2025-22015, CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027, CVE-2025-22029, CVE-2025-22033, CVE-2025-22035, CVE-2025-22038, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22043, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047, CVE-2025-22048, CVE-2025-22049, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060, CVE-2025-22063, CVE-2025-22064, CVE-2025-22066, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22074, CVE-2025-22075, CVE-2025-22077, CVE-2025-22079, CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086, CVE-2025-22088, CVE-2025-22089, CVE-2025-22090, CVE-2025-22093, CVE-2025-22095, CVE-2025-22097, CVE-2025-22119, CVE-2025-23136, CVE-2025-23138, CVE-2025-37785, CVE-2025-37893, CVE-2025-38152, CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39728, CVE-2025-39735
Description: Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References:
- https://bugs.mageia.org/show_bug.cgi?id=34191
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.80
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.81
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.82
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.84
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.85
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.86
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21955
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21959
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21962
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21963
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21964
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21969
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21970
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21971
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21979
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21986
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21992
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21993
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22004
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22035
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22038
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22043
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22044
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22047
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22058
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22060
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22063
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22064
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22066
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22088
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22089
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22090
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22119
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37893
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39735
- kernel-linus-6.6.88-1.mga9
Categories: Security Updates
MGASA-2025-0145 - Updated tomcat packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650, CVE-2025-31651
Description:
DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650)
Bypass of rules in Rewrite Valve. (CVE-2025-31651)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34231
- https://www.openwall.com/lists/oss-security/2025/04/28/2
- https://www.openwall.com/lists/oss-security/2025/04/28/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
- tomcat-9.0.104-1.mga9
Categories: Security Updates
MGASA-2025-0144 - Updated fcgi packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23016
Description: FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34222
- https://www.openwall.com/lists/oss-security/2025/04/23/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23016
- fcgi-2.4.0-22.1.mga9
Categories: Security Updates
MGASA-2025-0143 - Updated poppler packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903
Description: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34238
- https://ubuntu.com/security/notices/USN-7471-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43903
- poppler-23.02.0-1.6.mga9
Categories: Security Updates
MGAA-2025-0044 - Updated mariadb packages fix bug
Publication date: 05 May 2025
Type: bugfix
Affected Mageia releases : 9
Description: Due to a script error introduced in the previous update, mariadb server was not able to start on a clean install. Updated installations were not affected. However, this update makes mariadb work on clean and updated installations.
References:
SRPMS 9/core:
- mariadb-11.4.5-3.mga9
Categories: Security Updates
