Feed Reader
MGASA-2025-0292 - Updated python-django packages fix security vulnerability
Publication date: 15 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-64459
Description: Potential SQL injection via ``_connector`` keyword argument in ``QuerySet`` and ``Q`` objects. (CVE-2025-64459)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34727
- https://www.openwall.com/lists/oss-security/2025/11/05/12
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64459
- python-django-4.1.13-1.8.mga9
Categories: Security Updates
MGAA-2025-0096 - Updated mariadb packages fix bugs
Publication date: 15 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description: This release brings many fixes in the storage engines InnoDB and Aria. It also has many fixes in replication and optimizer. For more details, see the long list in release notes.
References:
- https://bugs.mageia.org/show_bug.cgi?id=34744
- https://mariadb.com/docs/release-notes/community-server/11.4/11.4.9
- https://mariadb.com/docs/release-notes/community-server/11.4/11.4.8
- mariadb-11.4.9-1.mga9
Categories: Security Updates
MGASA-2025-0291 - Updated webkit2 packages fix security vulnerabilities
Publication date: 14 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27838, CVE-2024-27851, CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-4558
Description:
CVE-2024-27838: A maliciously crafted webpage may be able to fingerprint the user. Description: The issue was addressed by adding additional logic.
CVE-2024-27851: Processing maliciously crafted web content may lead to arbitrary code execution. Description: The issue was addressed with improved bounds checks.
CVE-2024-40776: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
CVE-2024-40779 / CVE-2024-40780: Processing maliciously crafted web content may lead to an unexpected process crash. Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2024-40782: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
CVE-2024-40789: Processing maliciously crafted web content may lead to an unexpected process crash. Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2024-4558: Processing maliciously crafted web content may lead to an unexpected process crash. Description: Use after free in ANGLE allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33513
- https://webkitgtk.org/release/webkitgtk-2.44.4.html
- https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html
- https://webkitgtk.org/security/WSA-2024-0004.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27838
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4558
- webkit2-2.44.4-1.mga9
Categories: Security Updates
MGAA-2025-0095 - Updated wine packages fix bugs
Publication date: 14 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description: When installed or upgraded, "Wine" does not load all of the libraries it depends on. This update upgrades "Wine" to the bug release version 8.0.2 and fixes loading libraries that "Wine" requires.
References:
SRPMS 9/core
- wine-8.0.2-1.1.mga9
Categories: Security Updates
MGASA-2025-0290 - Updated ruby packages fix security vulnerabilities
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25186, CVE-2025-27219, CVE-2025-27220, CVE-2025-27221
Description:
Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies. (CVE-2025-27219)
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVE-2025-27220)
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. (CVE-2025-27221)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34179
- https://ubuntu.com/security/notices/USN-7418-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25186
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27220
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27221
- ruby-3.1.5-47.mga9
Categories: Security Updates
MGASA-2025-0289 - Updated python-py packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-42969
Description: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. (CVE-2022-42969)
References:
- https://bugs.mageia.org/show_bug.cgi?id=31458
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013536.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELXQR2N4BOTGP4YQAZGZJDQMETKR6DWY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42969
- python-py-1.11.0-2.1.mga9
Categories: Security Updates
MGASA-2025-0288 - Updated python-setuptools packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47273
Description: Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. (CVE-2025-47273)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34390
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ375SF7FQYZCXBVGMYYQXBL5RK5ORGD/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47273
- python-setuptools-65.5.0-3.2.mga9
Categories: Security Updates
MGASA-2025-0287 - Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2467
Description: Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack). (CVE-2024-2467)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34406
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5ZZGII2VWUPCN72PQNW3EQIGG3EPVBL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2467
- perl-Crypt-OpenSSL-RSA-0.330.0-1.1.mga9
Categories: Security Updates
MGASA-2025-0286 - Updated python-flask-cors packages fix security vulnerabilities
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-1681, CVE-2024-6221, CVE-2024-6839, CVE-2024-6844, CVE-2024-6866
Description:
Log Injection Vulnerability in corydolphin/flask-cors. (CVE-2024-1681)
Improper Access Control in corydolphin/flask-cors. (CVE-2024-6221)
Improper Regex Path Matching in corydolphin/flask-cors. (CVE-2024-6839)
Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors. (CVE-2024-6844)
Case-Insensitive Path Matching in corydolphin/flask-cors. (CVE-2024-6866)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34424
- https://ubuntu.com/security/notices/USN-7612-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6866
- python-flask-cors-3.0.10-1.1.mga9
Categories: Security Updates
MGASA-2025-0285 - Updated perl-Authen-SASL packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40918
Description: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. (CVE-2025-40918)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34489
- https://www.openwall.com/lists/oss-security/2025/07/16/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40918
- perl-Authen-SASL-2.160.0-13.1.mga9
Categories: Security Updates
MGASA-2025-0284 - Updated perl-Cpanel-JSON-XS packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40929
Description: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. (CVE-2025-40929)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34627
- https://www.openwall.com/lists/oss-security/2025/09/08/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40929
- perl-Cpanel-JSON-XS-4.350.0-1.1.mga9
Categories: Security Updates
MGASA-2025-0283 - Updated perl-JSON-XS packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40928
Description: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. (CVE-2025-40928)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34628
- https://www.openwall.com/lists/oss-security/2025/09/08/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40928
- perl-JSON-XS-4.30.0-5.1.mga9
Categories: Security Updates




