Lector de Feeds

MGASA-2025-0168 - Updated thunderbird packages fix security vulnerabilities

Mageia Security - 27 Mayo, 2025 - 19:46
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3875 , CVE-2025-3877 , CVE-2025-3909 , CVE-2025-3932 , CVE-2025-4918 , CVE-2025-4919 Description Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments Bypassed Remote Content Blocking. (CVE-2025-3932) Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References SRPMS 9/core
  • thunderbird-128.10.2-1.mga9
  • thunderbird-l10n-128.10.2-1.mga9

MGASA-2025-0167 - Updated sqlite3 packages fix security vulnerability

Mageia Security - 27 Mayo, 2025 - 19:46
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29088 Description In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. (CVE-2025-29088) References SRPMS 9/core
  • sqlite3-3.40.1-1.2.mga9

MGASA-2025-0166 - Updated open-vm-tools packages fix security vulnerability

Mageia Security - 27 Mayo, 2025 - 19:46
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22247 Description VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247) References SRPMS 9/core
  • open-vm-tools-12.3.5-2.1.mga9

MGASA-2025-0165 - Updated rootcerts, nss & firefox packages fix security vulnerabilities

Mageia Security - 27 Mayo, 2025 - 19:46
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4918 , CVE-2025-4919 Description Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References SRPMS 9/core
  • rootcerts-20250424.00-1.mga9
  • nss-3.111.0-1.mga9
  • firefox-128.10.1-2.mga9
  • firefox-l10n-128.10.1-1.mga9

Mageia 9 Errata

Wiki Mageia - 27 Mayo, 2025 - 18:53

‎Various software: update aegisub

← Older revision Revision as of 17:53, 27 May 2025 Line 357: Line 357:  {{Bug|32806}} - '''rtorrent''' crash (and gets automatically restarted). Upstream. {{Bug|32806}} - '''rtorrent''' crash (and gets automatically restarted). Upstream.    −{{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}. +'''FIXED BY [https://advisories.mageia.org/MGAA-2025-0055.html UPDATE]''' {{Bug|33330}} - '''aegisub''' crashes at start in wayland session.     '''FIXED BY UPDATE''' {{Bug|33366}} -  After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{folder|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{folder|~/.cache/KDE/neochat}}. '''FIXED BY UPDATE''' {{Bug|33366}} -  After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{folder|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{folder|~/.cache/KDE/neochat}}. Katnatek
Categorías: Wiki de Mageia

MGAA-2025-0055 - Updated aegisub packages fix bug

Mageia Security - 26 Mayo, 2025 - 18:52
Publication date: 26 May 2025
Type: bugfix
Affected Mageia releases : 9
Description aegisub crashes when run in a Wayland session. This update fixes the reported issue. References SRPMS 9/core
  • aegisub-3.4.2-1.mga9

MGASA-2025-0164 - Updated glibc packages fix security vulnerability

Mageia Security - 25 Mayo, 2025 - 00:25
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References SRPMS 9/core
  • glibc-2.36-56.mga9

MGASA-2025-0163 - Updated iputils packages fix security vulnerability

Mageia Security - 25 Mayo, 2025 - 00:25
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47268 Description ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (CVE-2025-47268 References SRPMS 9/core
  • iputils-20221126-1.1.mga9
Feed