Lector de Feeds

Publication date: 21 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49091 Description KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code. (CVE-2025-49091) References

• https://bugs.mageia.org/show_bug.cgi?id=34364
• https://www.openwall.com/lists/oss-security/2025/06/10/5
• https://lists.debian.org/debian-security-announce/2025/msg00109.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49091

SRPMS 9/core

• konsole-23.04.3-1.2.mga9

Publication date: 21 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49844 , CVE-2025-46817 , CVE-2025-46818 , CVE-2025-46819 Description A Lua script may lead to remote code execution. (CVE-2025-49844) A Lua script may lead to integer overflow and potential RCE. (CVE-2025-46817) A Lua script can be executed in the context of another user. (CVE-2025-46818) LUA out-of-bound read. (CVE-2025-46819) References

• https://bugs.mageia.org/show_bug.cgi?id=34650
• https://www.openwall.com/lists/oss-security/2025/10/07/2
• https://github.com/redis/redis/releases/tag/7.2.11
• https://github.com/redis/redis/releases/tag/7.2.12
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49844
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46818
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46819

SRPMS 9/core

• redis-7.2.12-1.mga9