Feed Reader
MGASA-2025-0194 - Updated yarnpkg packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2020-7677, CVE-2021-43138, CVE-2022-3517, CVE-2024-37890, CVE-2024-48949, CVE-2022-37599, CVE-2023-26136, CVE-2023-46234, CVE-2024-12905, CVE-2024-4067, CVE-2025-48387
Description
CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers.
CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification.
CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file.
Other vulnerabilities in yarn's bundled nodejs components are fixed too; see the references.
References
- https://bugs.mageia.org/show_bug.cgi?id=33674
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UGLXZO6VIHGIITQTEUY5Q5YCAP2A4ZP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEDIJM7VQF4Q2L2KKQ6KJ2WZNR7AXYQD/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48949
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12905
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4067
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48387
- yarnpkg-1.22.22-0.10.9.2.1.mga9
Categories: Security Updates
MGASA-2025-0193 - Updated python-django packages fix security vulnerability
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-48432
Description
Potential log injection via unescaped request path. (CVE-2025-48432)
References
- https://bugs.mageia.org/show_bug.cgi?id=34348
- https://www.openwall.com/lists/oss-security/2025/06/04/5
- https://www.openwall.com/lists/oss-security/2025/06/10/2
- https://ubuntu.com/security/notices/USN-7555-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVFOPDCA45B4XTMYRHQUSJ7JCA56453W/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48432
- python-django-4.1.13-1.5.mga9
Categories: Security Updates
MGASA-2025-0192 - Updated apache-mod_security packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47947, CVE-2025-48866
Description
ModSecurity Has Possible DoS Vulnerability. (CVE-2025-47947)
ModSecurity has possible DoS vulnerability in sanitiseArg action. (CVE-2025-48866)
References
- https://bugs.mageia.org/show_bug.cgi?id=34362
- https://lists.debian.org/debian-security-announce/2025/msg00104.html
- https://ubuntu.com/security/notices/USN-7567-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48866
- apache-mod_security-2.9.7-1.1.mga9
Categories: Security Updates
MGASA-2025-0191 - Updated tomcat packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-48988, CVE-2025-49125
Description
FileUpload large number of parts with headers DoS. (CVE-2025-48988)
Security constraint bypass for pre/post-resources. (CVE-2025-49125)
References
- https://bugs.mageia.org/show_bug.cgi?id=34376
- https://www.openwall.com/lists/oss-security/2025/06/16/1
- https://www.openwall.com/lists/oss-security/2025/06/16/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125
- tomcat-9.0.106-1.mga9
Categories: Security Updates
MGASA-2025-0190 - Updated clamav packages fix security vulnerability
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-20260
Description
Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. (CVE-2025-20260)
References
- https://bugs.mageia.org/show_bug.cgi?id=34387
- https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260
- clamav-1.0.9-1.mga9
Categories: Security Updates
