Lector de Feeds

Publication date: 12 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31344 Description The giflib open-source component has a buffer overflow vulnerability. (CVE-2025-31344) References

• https://bugs.mageia.org/show_bug.cgi?id=34178
• https://www.openwall.com/lists/oss-security/2025/04/07/3
• https://lists.suse.com/pipermail/sle-updates/2025-April/038931.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31344

SRPMS 9/core

• giflib-5.2.1-7.2.mga9

Publication date: 12 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32364 , CVE-2025-32365 Description A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. (CVE-2025-32364) Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. (CVE-2025-32365) References

• https://bugs.mageia.org/show_bug.cgi?id=34182
• https://ubuntu.com/security/notices/USN-7426-1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/7MHRTVNCUQHLCEUDCYX24NK4ID3BMFG5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365

SRPMS 9/core

• poppler-23.02.0-1.5.mga9

Publication date: 12 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30258 Description In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". (CVE-2025-30258) References

• https://bugs.mageia.org/show_bug.cgi?id=34165
• https://ubuntu.com/security/notices/USN-7412-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258

SRPMS 9/core

• gnupg2-2.3.8-1.3.mga9

Publication date: 12 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27795 Description ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. (CVE-2025-27795) References

• https://bugs.mageia.org/show_bug.cgi?id=34163
• https://lwn.net/Articles/1016352/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27795

SRPMS 9/core

• graphicsmagick-1.3.40-1.1.mga9

9/tainted

• graphicsmagick-1.3.40-1.1.mga9.tainted

Publication date: 12 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description Writer crashes in some circumstances when trying to edit or insert a TOC. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34174
• https://bugs.documentfoundation.org/show_bug.cgi?id=163325

SRPMS 9/core

• libreoffice-24.2.7.2-1.2.mga9