Feed Reader
MGASA-2025-0164 - Updated glibc packages fix security vulnerability
Publication date: 24 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4802
Description: An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34286
- https://www.openwall.com/lists/oss-security/2025/05/16/7
- https://www.openwall.com/lists/oss-security/2025/05/17/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802
- glibc-2.36-56.mga9
Categories: Security Updates
MGASA-2025-0163 - Updated iputils packages fix security vulnerability
Publication date: 24 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47268
Description: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (CVE-2025-47268)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34297
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHFUD3TRXO7AHOVSFWLKP2MKB77PEQBK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47268
- iputils-20221126-1.1.mga9
Categories: Security Updates
MGASA-2025-0162 - Updated zsync packages fix security vulnerabilities
Publication date: 24 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4638
Description: Improper Pointer Arithmetic in pcl. (CVE-2025-4638)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34301
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4638
- zsync-0.6.2-11.1.mga9
Categories: Security Updates
MGASA-2025-0161 - Updated nodejs packages fix security vulnerabilities
Publication date: 24 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-23165, CVE-2025-23166, CVE-2025-23167
Description:
Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string. (CVE-2025-23165)
Improper error handling in async cryptographic operations crashes process. (CVE-2025-23166)
Improper HTTP header block termination in llhttp. (CVE-2025-23167)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34278
- https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23165
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23166
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23167
- nodejs-22.16.0-1.mga9
Categories: Security Updates
MGASA-2025-0160 - Updated microcode packages fix security vulnerabilities
Publication date: 23 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-28956, CVE-2025-20103, CVE-2025-20054, CVE-2024-43420, CVE-2025-20623, CVE-2024-45332, CVE-2025-24495, CVE-2025-20012
Description:
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-28956)
Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20103)
Uncaught exception in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20054)
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-43420)
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-20623)
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-45332)
Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-24495)
Incorrect behavior order for some Intel® Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. (CVE-2025-20012)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34279
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012
- microcode-0.20250512-1.mga9.nonfree
Categories: Security Updates
MGASA-2025-0159 - Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 23 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4096, CVE-2025-4050, CVE-2025-4051, CVE-2025-4052, CVE-2025-4372, CVE-2025-4664, CVE-2025-4609
Description:
Heap buffer overflow in HTML. (CVE-2025-4096)
Out of bounds memory access in DevTools. (CVE-2025-4050)
Insufficient data validation in DevTools. (CVE-2025-4051)
Inappropriate implementation in DevTools. (CVE-2025-4052)
Use after free in WebAudio. (CVE-2025-4372)
Insufficient policy enforcement in Loader. (CVE-2025-4664)
Incorrect handle provided in unspecified circumstances in Mojo. (CVE-2025-4609)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34235
- https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html
- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4051
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4372
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4664
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4609
- chromium-browser-stable-136.0.7103.113-1.mga9.tainted
Categories: Security Updates
MGAA-2025-0054 - Updated elisa packages fix bug
Publication date: 23 May 2025
Type: bugfix
Affected Mageia releases: 9
Description: A missing runtime requirement meant that elisa couldn't play web radio stations. This update fixes the issue.
References:
SRPMS:
9/core
- elisa-23.04.3-1.1.mga9
Categories: Security Updates
