Lector de Feeds
MGASA-2025-0149 - Updated pam packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10041 Description libpam vulnerable to leaking hashed passwords. (CVE-2024-10041) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10041 Description libpam vulnerable to leaking hashed passwords. (CVE-2024-10041) References
- https://bugs.mageia.org/show_bug.cgi?id=34219
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S3CBZDTRIQZKAUHHWFBJKJ7PYA7BPARL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10041
- pam-1.5.2-5.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0148 - Updated graphicsmagick packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32460 Description GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. (CVE-2025-32460) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32460 Description GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. (CVE-2025-32460) References
- https://bugs.mageia.org/show_bug.cgi?id=34218
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6QYCKFE7IU3HOGGUF42EURRWALAXSG4Z/
- https://lists.debian.org/debian-security-announce/2025/msg00067.html
- https://lists.suse.com/pipermail/sle-updates/2025-April/039065.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32460
- graphicsmagick-1.3.40-1.2.mga9
- graphicsmagick-1.3.40-1.2.mga9.tainted
Categorías: Actualizaciones de Seguridad
MGASA-2025-0147 - Updated apache-mod_auth_openidc packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31492 Description mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. (CVE-2025-31492) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31492 Description mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data. (CVE-2025-31492) References
- https://bugs.mageia.org/show_bug.cgi?id=34216
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4RNEMKHJH72IHWVOIEQAKSXHOSDXQN3A/
- https://lists.debian.org/debian-security-announce/2025/msg00066.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z7RSITAKS2ICGANCQP2TDUHMS2LZDXR/
- https://ubuntu.com/security/notices/USN-7446-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31492
- apache-mod_auth_openidc-2.4.13.2-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0146 - Updated kernel-linus packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-53034 , CVE-2025-21955 , CVE-2025-21956 , CVE-2025-21957 , CVE-2025-21959 , CVE-2025-21960 , CVE-2025-21962 , CVE-2025-21963 , CVE-2025-21964 , CVE-2025-21966 , CVE-2025-21967 , CVE-2025-21968 , CVE-2025-21969 , CVE-2025-21970 , CVE-2025-21971 , CVE-2025-21975 , CVE-2025-21978 , CVE-2025-21979 , CVE-2025-21980 , CVE-2025-21981 , CVE-2025-21986 , CVE-2025-21991 , CVE-2025-21992 , CVE-2025-21993 , CVE-2025-21994 , CVE-2025-21995 , CVE-2025-21996 , CVE-2025-21997 , CVE-2025-21999 , CVE-2025-22001 , CVE-2025-22003 , CVE-2025-22004 , CVE-2025-22005 , CVE-2025-22007 , CVE-2025-22008 , CVE-2025-22009 , CVE-2025-22010 , CVE-2025-22013 , CVE-2025-22014 , CVE-2025-22015 , CVE-2025-22018 , CVE-2025-22020 , CVE-2025-22021 , CVE-2025-22025 , CVE-2025-22027 , CVE-2025-22029 , CVE-2025-22033 , CVE-2025-22035 , CVE-2025-22038 , CVE-2025-22040 , CVE-2025-22041 , CVE-2025-22042 , CVE-2025-22043 , CVE-2025-22044 , CVE-2025-22045 , CVE-2025-22047 , CVE-2025-22048 , CVE-2025-22049 , CVE-2025-22050 , CVE-2025-22053 , CVE-2025-22054 , CVE-2025-22055 , CVE-2025-22056 , CVE-2025-22057 , CVE-2025-22058 , CVE-2025-22060 , CVE-2025-22063 , CVE-2025-22064 , CVE-2025-22066 , CVE-2025-22071 , CVE-2025-22072 , CVE-2025-22073 , CVE-2025-22074 , CVE-2025-22075 , CVE-2025-22077 , CVE-2025-22079 , CVE-2025-22080 , CVE-2025-22081 , CVE-2025-22083 , CVE-2025-22086 , CVE-2025-22088 , CVE-2025-22089 , CVE-2025-22090 , CVE-2025-22093 , CVE-2025-22095 , CVE-2025-22097 , CVE-2025-22119 , CVE-2025-23136 , CVE-2025-23138 , CVE-2025-37785 , CVE-2025-37893 , CVE-2025-38152 , CVE-2025-38240 , CVE-2025-38575 , CVE-2025-38637 , CVE-2025-39728 , CVE-2025-39735 Description Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-53034 , CVE-2025-21955 , CVE-2025-21956 , CVE-2025-21957 , CVE-2025-21959 , CVE-2025-21960 , CVE-2025-21962 , CVE-2025-21963 , CVE-2025-21964 , CVE-2025-21966 , CVE-2025-21967 , CVE-2025-21968 , CVE-2025-21969 , CVE-2025-21970 , CVE-2025-21971 , CVE-2025-21975 , CVE-2025-21978 , CVE-2025-21979 , CVE-2025-21980 , CVE-2025-21981 , CVE-2025-21986 , CVE-2025-21991 , CVE-2025-21992 , CVE-2025-21993 , CVE-2025-21994 , CVE-2025-21995 , CVE-2025-21996 , CVE-2025-21997 , CVE-2025-21999 , CVE-2025-22001 , CVE-2025-22003 , CVE-2025-22004 , CVE-2025-22005 , CVE-2025-22007 , CVE-2025-22008 , CVE-2025-22009 , CVE-2025-22010 , CVE-2025-22013 , CVE-2025-22014 , CVE-2025-22015 , CVE-2025-22018 , CVE-2025-22020 , CVE-2025-22021 , CVE-2025-22025 , CVE-2025-22027 , CVE-2025-22029 , CVE-2025-22033 , CVE-2025-22035 , CVE-2025-22038 , CVE-2025-22040 , CVE-2025-22041 , CVE-2025-22042 , CVE-2025-22043 , CVE-2025-22044 , CVE-2025-22045 , CVE-2025-22047 , CVE-2025-22048 , CVE-2025-22049 , CVE-2025-22050 , CVE-2025-22053 , CVE-2025-22054 , CVE-2025-22055 , CVE-2025-22056 , CVE-2025-22057 , CVE-2025-22058 , CVE-2025-22060 , CVE-2025-22063 , CVE-2025-22064 , CVE-2025-22066 , CVE-2025-22071 , CVE-2025-22072 , CVE-2025-22073 , CVE-2025-22074 , CVE-2025-22075 , CVE-2025-22077 , CVE-2025-22079 , CVE-2025-22080 , CVE-2025-22081 , CVE-2025-22083 , CVE-2025-22086 , CVE-2025-22088 , CVE-2025-22089 , CVE-2025-22090 , CVE-2025-22093 , CVE-2025-22095 , CVE-2025-22097 , CVE-2025-22119 , CVE-2025-23136 , CVE-2025-23138 , CVE-2025-37785 , CVE-2025-37893 , CVE-2025-38152 , CVE-2025-38240 , CVE-2025-38575 , CVE-2025-38637 , CVE-2025-39728 , CVE-2025-39735 Description Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References
- https://bugs.mageia.org/show_bug.cgi?id=34191
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.80
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.81
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.82
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.83
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.84
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.85
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.86
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.87
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-53034
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21955
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21957
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21959
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21962
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21963
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21964
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21966
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21969
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21970
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21971
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21975
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21979
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21986
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21992
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21993
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22004
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22027
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22029
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22035
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22038
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22043
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22044
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22047
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22056
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22058
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22060
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22063
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22064
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22066
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22080
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22081
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22088
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22089
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22090
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22119
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-37893
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-39735
- kernel-linus-6.6.88-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0145 - Updated tomcat packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650 , CVE-2025-31651 Description DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650) Bypass of rules in Rewrite Valve. (CVE-2025-31651) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650 , CVE-2025-31651 Description DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650) Bypass of rules in Rewrite Valve. (CVE-2025-31651) References
- https://bugs.mageia.org/show_bug.cgi?id=34231
- https://www.openwall.com/lists/oss-security/2025/04/28/2
- https://www.openwall.com/lists/oss-security/2025/04/28/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
- tomcat-9.0.104-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0144 - Updated fcgi packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23016 Description FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23016 Description FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016) References
- https://bugs.mageia.org/show_bug.cgi?id=34222
- https://www.openwall.com/lists/oss-security/2025/04/23/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23016
- fcgi-2.4.0-22.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0143 - Updated poppler packages fix security vulnerabilitiy
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903 Description NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903 Description NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903) References
- https://bugs.mageia.org/show_bug.cgi?id=34238
- https://ubuntu.com/security/notices/USN-7471-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43903
- poppler-23.02.0-1.6.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2025-0044 - Updated mariadb packages fix bug
Publication date: 05 May 2025
Type: bugfix
Affected Mageia releases : 9
Description Due to an script error introduced in the previous update mariadb server was not able to start on a clean install. Updated installations were not affected. However, this update makes mariadb work on clean and updated installations. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Due to an script error introduced in the previous update mariadb server was not able to start on a clean install. Updated installations were not affected. However, this update makes mariadb work on clean and updated installations. References SRPMS 9/core
- mariadb-11.4.5-3.mga9
Categorías: Actualizaciones de Seguridad
