Lector de Feeds
MGAA-2026-0018 - Updated opencpn-s63-plugin & opencpn-o-charts-plugin packages fix bugs
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases : 9
Description OpenCPN plugins have seen lots of improvement since the versions already present in Mageia 9. They have been updated for Cauldron but sailors can't wait for Mageia 10 being published since these updates are necessary for their safety as early as this spring time. These two updates concern plugins containing non free binaries necessary to use encrypted paid nautical charts from countries which don't provide them freely ! References SRPMS 9/nonfree
Type: bugfix
Affected Mageia releases : 9
Description OpenCPN plugins have seen lots of improvement since the versions already present in Mageia 9. They have been updated for Cauldron but sailors can't wait for Mageia 10 being published since these updates are necessary for their safety as early as this spring time. These two updates concern plugins containing non free binaries necessary to use encrypted paid nautical charts from countries which don't provide them freely ! References SRPMS 9/nonfree
- opencpn-s63-plugin-1.30.9.1-1.mga9.nonfree
- opencpn-o-charts-plugin-2.1.9-1.mga9.nonfree
Categorías: Actualizaciones de Seguridad
MGAA-2026-0017 - Updated marnav packages fix bug
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases : 9
Description This update brings the last commits of this C++ library for MARitime NAVigation purposes. It may be needed to build or use programs for maritime navigation References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description This update brings the last commits of this C++ library for MARitime NAVigation purposes. It may be needed to build or use programs for maritime navigation References SRPMS 9/core
- marnav-0.14.0-8.git20230504.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0057 - Updated python-nltk packages fix security vulnerability
Publication date: 14 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-0847 Description Path Traversal in nltk/nltk. (CVE-2026-0847) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-0847 Description Path Traversal in nltk/nltk. (CVE-2026-0847) References
- https://bugs.mageia.org/show_bug.cgi?id=35188
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UERV2PU6W5DFFKA4ORZASCPJ2ZDGYTBX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0847
- python-nltk-3.9.3-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0056 - Updated tomcat packages fix security vulnerabilities
Publication date: 14 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-66614 , CVE-2026-24733 , CVE-2026-24734 Description Client certificate verification bypass due to virtual host mapping. (CVE-2025-66614) Security constraint bypass with HTTP/0.9. (CVE-2026-24733) OCSP revocation bypass. (CVE-2026-24734) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-66614 , CVE-2026-24733 , CVE-2026-24734 Description Client certificate verification bypass due to virtual host mapping. (CVE-2025-66614) Security constraint bypass with HTTP/0.9. (CVE-2026-24733) OCSP revocation bypass. (CVE-2026-24734) References
- https://bugs.mageia.org/show_bug.cgi?id=35192
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G27HXAIMRCGPRM6GBYQX7NUKNQS4RLJ4/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734
- tomcat-9.0.115-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0055 - Updated vim packages fix security vulnerability
Publication date: 14 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-32249 Description NFA regex engine NULL pointer dereference affects Vim < 9.2.0137. (CVE-2026-32249) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-32249 Description NFA regex engine NULL pointer dereference affects Vim < 9.2.0137. (CVE-2026-32249) References
- https://bugs.mageia.org/show_bug.cgi?id=35197
- https://www.openwall.com/lists/oss-security/2026/03/11/6
- https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32249
- vim-9.2.140-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0054 - Updated yt-dlp packages fix security vulnerability
Publication date: 10 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-26331 Description When yt-dlp's --netrc-cmd command-line option (or netrc_cmd Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-26331 Description When yt-dlp's --netrc-cmd command-line option (or netrc_cmd Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL. References
- https://bugs.mageia.org/show_bug.cgi?id=35183
- https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
- https://github.com/yt-dlp/yt-dlp/compare/2026.02.04...2026.03.03
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26331
- yt-dlp-2026.03.03-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0053 - Updated thunderbird packages fix security vulnerabilities
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2757 , CVE-2026-2758 , CVE-2026-2759 , CVE-2026-2760 , CVE-2026-2761 , CVE-2026-2762 , CVE-2026-2763 , CVE-2026-2764 , CVE-2026-2765 , CVE-2026-2766 , CVE-2026-2767 , CVE-2026-2768 , CVE-2026-2769 , CVE-2026-2770 , CVE-2026-2771 , CVE-2026-2772 , CVE-2026-2773 , CVE-2026-2774 , CVE-2026-2775 , CVE-2026-2776 , CVE-2026-2777 , CVE-2026-2778 , CVE-2026-2779 , CVE-2026-2780 , CVE-2026-2782 , CVE-2026-2783 , CVE-2026-2784 , CVE-2026-2785 , CVE-2026-2786 , CVE-2026-2787 , CVE-2026-2788 , CVE-2026-2789 , CVE-2026-2790 , CVE-2026-2791 , CVE-2026-2792 , CVE-2026-2793 Description Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757) Use-after-free in the JavaScript: GC component. (CVE-2026-2758) Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760) Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761) Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762) Use-after-free in the JavaScript Engine component. (CVE-2026-2763) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764) Use-after-free in the JavaScript Engine component. (CVE-2026-2765) Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766) Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767) Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768) Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770) Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771) Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772) Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773) Integer overflow in the Audio/Video component. (CVE-2026-2774) Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776) Privilege escalation in the Messaging System component. (CVE-2026-2777) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778) Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779) Privilege escalation in the Netmonitor component. (CVE-2026-2780) Privilege escalation in the Netmonitor component. (CVE-2026-2782) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783) Mitigation bypass in the DOM: Security component. (CVE-2026-2784) Invalid pointer in the JavaScript Engine component. (CVE-2026-2785) Use-after-free in the JavaScript Engine component. (CVE-2026-2786) Use-after-free in the DOM: Window and Location component. (CVE-2026-2787) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788) Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789) Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790) Mitigation bypass in the Networking: Cache component. (CVE-2026-2791) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2757 , CVE-2026-2758 , CVE-2026-2759 , CVE-2026-2760 , CVE-2026-2761 , CVE-2026-2762 , CVE-2026-2763 , CVE-2026-2764 , CVE-2026-2765 , CVE-2026-2766 , CVE-2026-2767 , CVE-2026-2768 , CVE-2026-2769 , CVE-2026-2770 , CVE-2026-2771 , CVE-2026-2772 , CVE-2026-2773 , CVE-2026-2774 , CVE-2026-2775 , CVE-2026-2776 , CVE-2026-2777 , CVE-2026-2778 , CVE-2026-2779 , CVE-2026-2780 , CVE-2026-2782 , CVE-2026-2783 , CVE-2026-2784 , CVE-2026-2785 , CVE-2026-2786 , CVE-2026-2787 , CVE-2026-2788 , CVE-2026-2789 , CVE-2026-2790 , CVE-2026-2791 , CVE-2026-2792 , CVE-2026-2793 Description Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757) Use-after-free in the JavaScript: GC component. (CVE-2026-2758) Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760) Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761) Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762) Use-after-free in the JavaScript Engine component. (CVE-2026-2763) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764) Use-after-free in the JavaScript Engine component. (CVE-2026-2765) Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766) Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767) Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768) Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770) Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771) Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772) Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773) Integer overflow in the Audio/Video component. (CVE-2026-2774) Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776) Privilege escalation in the Messaging System component. (CVE-2026-2777) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778) Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779) Privilege escalation in the Netmonitor component. (CVE-2026-2780) Privilege escalation in the Netmonitor component. (CVE-2026-2782) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783) Mitigation bypass in the DOM: Security component. (CVE-2026-2784) Invalid pointer in the JavaScript Engine component. (CVE-2026-2785) Use-after-free in the JavaScript Engine component. (CVE-2026-2786) Use-after-free in the DOM: Window and Location component. (CVE-2026-2787) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788) Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789) Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790) Mitigation bypass in the Networking: Cache component. (CVE-2026-2791) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793) References
- https://bugs.mageia.org/show_bug.cgi?id=35166
- https://www.thunderbird.net/en-US/thunderbird/140.8.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793
- thunderbird-140.8.0-1.mga9
- thunderbird-l10n-140.8.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0052 - Updated rootcerts, nss & firefox packages fix security vulnerabilities
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2757 , CVE-2026-2758 , CVE-2026-2759 , CVE-2026-2760 , CVE-2026-2761 , CVE-2026-2762 , CVE-2026-2763 , CVE-2026-2764 , CVE-2026-2765 , CVE-2026-2766 , CVE-2026-2767 , CVE-2026-2768 , CVE-2026-2769 , CVE-2026-2770 , CVE-2026-2771 , CVE-2026-2772 , CVE-2026-2773 , CVE-2026-2774 , CVE-2026-2775 , CVE-2026-2776 , CVE-2026-2777 , CVE-2026-2778 , CVE-2026-2779 , CVE-2026-2780 , CVE-2026-2781 , CVE-2026-2782 , CVE-2026-2783 , CVE-2026-2784 , CVE-2026-2785 , CVE-2026-2786 , CVE-2026-2787 , CVE-2026-2788 , CVE-2026-2789 , CVE-2026-2790 , CVE-2026-2791 , CVE-2026-2792 , CVE-2026-2793 Description Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757) Use-after-free in the JavaScript: GC component. (CVE-2026-2758) Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760) Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761) Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762) Use-after-free in the JavaScript Engine component. (CVE-2026-2763) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764) Use-after-free in the JavaScript Engine component. (CVE-2026-2765) Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766) Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767) Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768) Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770) Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771) Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772) Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773) Integer overflow in the Audio/Video component. (CVE-2026-2774) Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776) Privilege escalation in the Messaging System component. (CVE-2026-2777) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778) Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779) Privilege escalation in the Netmonitor component. (CVE-2026-2780) Integer overflow in the Libraries component in NSS. (CVE-2026-2781) Privilege escalation in the Netmonitor component. (CVE-2026-2782) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783) Mitigation bypass in the DOM: Security component. (CVE-2026-2784) Invalid pointer in the JavaScript Engine component. (CVE-2026-2785) Use-after-free in the JavaScript Engine component. (CVE-2026-2786) Use-after-free in the DOM: Window and Location component. (CVE-2026-2787) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788) Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789) Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790) Mitigation bypass in the Networking: Cache component. (CVE-2026-2791) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2757 , CVE-2026-2758 , CVE-2026-2759 , CVE-2026-2760 , CVE-2026-2761 , CVE-2026-2762 , CVE-2026-2763 , CVE-2026-2764 , CVE-2026-2765 , CVE-2026-2766 , CVE-2026-2767 , CVE-2026-2768 , CVE-2026-2769 , CVE-2026-2770 , CVE-2026-2771 , CVE-2026-2772 , CVE-2026-2773 , CVE-2026-2774 , CVE-2026-2775 , CVE-2026-2776 , CVE-2026-2777 , CVE-2026-2778 , CVE-2026-2779 , CVE-2026-2780 , CVE-2026-2781 , CVE-2026-2782 , CVE-2026-2783 , CVE-2026-2784 , CVE-2026-2785 , CVE-2026-2786 , CVE-2026-2787 , CVE-2026-2788 , CVE-2026-2789 , CVE-2026-2790 , CVE-2026-2791 , CVE-2026-2792 , CVE-2026-2793 Description Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757) Use-after-free in the JavaScript: GC component. (CVE-2026-2758) Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759) Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760) Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761) Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762) Use-after-free in the JavaScript Engine component. (CVE-2026-2763) JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764) Use-after-free in the JavaScript Engine component. (CVE-2026-2765) Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766) Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767) Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768) Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770) Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771) Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772) Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773) Integer overflow in the Audio/Video component. (CVE-2026-2774) Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775) Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776) Privilege escalation in the Messaging System component. (CVE-2026-2777) Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778) Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779) Privilege escalation in the Netmonitor component. (CVE-2026-2780) Integer overflow in the Libraries component in NSS. (CVE-2026-2781) Privilege escalation in the Netmonitor component. (CVE-2026-2782) Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783) Mitigation bypass in the DOM: Security component. (CVE-2026-2784) Invalid pointer in the JavaScript Engine component. (CVE-2026-2785) Use-after-free in the JavaScript Engine component. (CVE-2026-2786) Use-after-free in the DOM: Window and Location component. (CVE-2026-2787) Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788) Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789) Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790) Mitigation bypass in the Networking: Cache component. (CVE-2026-2791) Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792) Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793) References
- https://bugs.mageia.org/show_bug.cgi?id=35165
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html
- https://www.firefox.com/en-US/firefox/140.8.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2759
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2764
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2766
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2767
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2769
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2774
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2779
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2783
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2787
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2789
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2793
- rootcerts-20260206.00-1.mga9
- nss-3.121.0-1.mga9
- firefox-140.8.0-1.mga9
- firefox-l10n-140.8.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0051 - Updated coturn packages fix security vulnerability
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27624 Description IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL. (CVE-2026-27624) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27624 Description IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL. (CVE-2026-27624) References
- https://bugs.mageia.org/show_bug.cgi?id=35179
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37LHFMZ3OPUJRL3DZ3WVCJ7FO62HMVUT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27624
- coturn-4.6.2-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0050 - Updated python-django packages fix security vulnerability
Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-25674 Description Potential incorrect permissions on newly created file system objects. (CVE-2026-25674) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-25674 Description Potential incorrect permissions on newly created file system objects. (CVE-2026-25674) References
- https://bugs.mageia.org/show_bug.cgi?id=35176
- https://www.openwall.com/lists/oss-security/2026/03/03/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674
- python-django-4.1.13-1.11.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0049 - Updated vim packages fix security vulnerabilities
Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-28417 , CVE-2026-28418 , CVE-2026-28419 , CVE-2026-28420 , CVE-2026-28421 , CVE-2026-28422 Description OS Command Injection in netrw affects Vim < 9.2.0073. (CVE-2026-28417) Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074. (CVE-2026-28418) Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075. (CVE-2026-28419) Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076. (CVE-2026-28420) Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077. (CVE-2026-28421) Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078. (CVE-2026-28422) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-28417 , CVE-2026-28418 , CVE-2026-28419 , CVE-2026-28420 , CVE-2026-28421 , CVE-2026-28422 Description OS Command Injection in netrw affects Vim < 9.2.0073. (CVE-2026-28417) Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074. (CVE-2026-28418) Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075. (CVE-2026-28419) Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076. (CVE-2026-28420) Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077. (CVE-2026-28421) Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078. (CVE-2026-28422) References
- https://bugs.mageia.org/show_bug.cgi?id=35167
- https://www.openwall.com/lists/oss-security/2026/02/27/6
- https://www.openwall.com/lists/oss-security/2026/02/27/7
- https://www.openwall.com/lists/oss-security/2026/02/27/8
- https://www.openwall.com/lists/oss-security/2026/02/27/9
- https://www.openwall.com/lists/oss-security/2026/02/27/10
- https://www.openwall.com/lists/oss-security/2026/02/27/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28417
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28422
- vim-9.2.106-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0048 - Updated rsync packages fix security vulnerability
Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10158 Description Out of bounds array access via negative index. (CVE-2025-10158) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10158 Description Out of bounds array access via negative index. (CVE-2025-10158) References
- https://bugs.mageia.org/show_bug.cgi?id=35177
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZOPBIA4TYYH7HBPKXO4XFIWVXML27HR/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10158
- rsync-3.2.7-1.3.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2026-0016 - Updated libsolv packages fix bug
Publication date: 26 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description The update includes a patch from Fedora which allows the production of metadata for python3-libsolv. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description The update includes a patch from Fedora which allows the production of metadata for python3-libsolv. References SRPMS 9/core
- libsolv-0.7.35-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0047 - Updated gegl packages fix security vulnerabilities
Publication date: 23 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2049 , CVE-2026-2050 Description ZDI-CAN-28618: New Vulnerability Report at rgbe.c. (CVE-2026-2049) ZDI-CAN-28266: New Vulnerability Report at rgbe.c. (CVE-2026-2050) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2049 , CVE-2026-2050 Description ZDI-CAN-28618: New Vulnerability Report at rgbe.c. (CVE-2026-2049) ZDI-CAN-28266: New Vulnerability Report at rgbe.c. (CVE-2026-2050) References
- https://bugs.mageia.org/show_bug.cgi?id=35147
- https://lists.debian.org/debian-security-announce/2026/msg00051.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2050
- gegl-0.4.42-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0046 - Updated freerdp packages fix security vulnerabilities
Publication date: 22 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23530 , CVE-2026-23531 , CVE-2026-23532 , CVE-2026-23533 , CVE-2026-23534 , CVE-2026-23948 , CVE-2026-24491 , CVE-2026-24675 , CVE-2026-24676 , CVE-2026-24677 , CVE-2026-24678 , CVE-2026-24679 , CVE-2026-24680 , CVE-2026-24681 , CVE-2026-24682 , CVE-2026-24683 , CVE-2026-24684 Description FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle. (CVE-2026-23530) FreeRDP has heap-buffer-overflow in clear_decompress. (CVE-2026-23531) FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface. (CVE-2026-23532) FreeRDP has heap-buffer-overflow in clear_decompress_residual_data. (CVE-2026-23533) FreeRDP has heap-buffer-overflow in clear_decompress_bands_data. (CVE-2026-23534) FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2(). (CVE-2026-23948) FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491) FreeRDP has a Heap-use-after-free in urb_select_interface. (CVE-2026-24675) FreeRDP has a heap-use-after-free in audio_format_compatible. (CVE-2026-24676) FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264. (CVE-2026-24677) FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread. (CVE-2026-24678) FreeRDP has a heap-buffer-overflow in urb_select_interface. (CVE-2026-24679) FreeRDP has a heap-use-after-free in update_pointer_new(SDL). (CVE-2026-24680) FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb. (CVE-2026-24681) FreeRDP has a Heap-buffer-overflow in audio_formats_free. (CVE-2026-24682) FreeRDP has a heap-use-after-free in ainput_send_input_event. (CVE-2026-24683) FreeRDP has a Heap-use-after-free in play_thread. (CVE-2026-24684) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23530 , CVE-2026-23531 , CVE-2026-23532 , CVE-2026-23533 , CVE-2026-23534 , CVE-2026-23948 , CVE-2026-24491 , CVE-2026-24675 , CVE-2026-24676 , CVE-2026-24677 , CVE-2026-24678 , CVE-2026-24679 , CVE-2026-24680 , CVE-2026-24681 , CVE-2026-24682 , CVE-2026-24683 , CVE-2026-24684 Description FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle. (CVE-2026-23530) FreeRDP has heap-buffer-overflow in clear_decompress. (CVE-2026-23531) FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface. (CVE-2026-23532) FreeRDP has heap-buffer-overflow in clear_decompress_residual_data. (CVE-2026-23533) FreeRDP has heap-buffer-overflow in clear_decompress_bands_data. (CVE-2026-23534) FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2(). (CVE-2026-23948) FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491) FreeRDP has a Heap-use-after-free in urb_select_interface. (CVE-2026-24675) FreeRDP has a heap-use-after-free in audio_format_compatible. (CVE-2026-24676) FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264. (CVE-2026-24677) FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread. (CVE-2026-24678) FreeRDP has a heap-buffer-overflow in urb_select_interface. (CVE-2026-24679) FreeRDP has a heap-use-after-free in update_pointer_new(SDL). (CVE-2026-24680) FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb. (CVE-2026-24681) FreeRDP has a Heap-buffer-overflow in audio_formats_free. (CVE-2026-24682) FreeRDP has a heap-use-after-free in ainput_send_input_event. (CVE-2026-24683) FreeRDP has a Heap-use-after-free in play_thread. (CVE-2026-24684) References
- https://bugs.mageia.org/show_bug.cgi?id=35038
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3PECP75D65BGMOXX4VA6VFZW5A365UOB/
- https://www.openwall.com/lists/oss-security/2026/02/09/8
- https://www.openwall.com/lists/oss-security/2026/02/10/1
- https://ubuntu.com/security/notices/USN-8004-1
- https://ubuntu.com/security/notices/USN-8042-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23530
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23531
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23534
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23948
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24491
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24675
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24676
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24678
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24680
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24682
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24683
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24684
- freerdp-2.11.7-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2026-0015 - Updated webkit2 packages fix bug
Publication date: 22 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix several crashes and rendering issues. References
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix several crashes and rendering issues. References
- https://bugs.mageia.org/show_bug.cgi?id=35144
- https://webkitgtk.org/2026/02/09/webkitgtk2.50.5-released.html
- webkit2-2.50.5-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0045 - Updated gnutls packages fix security vulnerability
Publication date: 20 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14831 Description Denial of service via excessive resource consumption during certificate verification. (CVE-2025-14831) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14831 Description Denial of service via excessive resource consumption during certificate verification. (CVE-2025-14831) References
- https://bugs.mageia.org/show_bug.cgi?id=35114
- https://www.openwall.com/lists/oss-security/2026/02/09/6
- https://lists.debian.org/debian-security-announce/2026/msg00049.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831
- gnutls-3.8.4-1.4.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0044 - Updated libvpx packages fix security vulnerability
Publication date: 20 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2447 Description Heap buffer overflow in libvpx. (CVE-2026-2447) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2447 Description Heap buffer overflow in libvpx. (CVE-2026-2447) References
- https://bugs.mageia.org/show_bug.cgi?id=35137
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447
- libvpx-1.12.0-1.5.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2026-0014 - Updated mariadb packages fix bug
Publication date: 20 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description Updated mariadb package fix crashes when not using grant tables. The latest update introduced a bug which makes mariadb crash in case it was started with skip-grant-tables. E.g. akonadi uses mariadb as a backend and does not use the rights management. This update fixes the issue. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Updated mariadb package fix crashes when not using grant tables. The latest update introduced a bug which makes mariadb crash in case it was started with skip-grant-tables. E.g. akonadi uses mariadb as a backend and does not use the rights management. This update fixes the issue. References SRPMS 9/core
- mariadb-11.4.10-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2026-0013 - Updated sddm-theme-coffee-ng packages fix bug
Publication date: 20 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description Minor fixes to our alternative sddm theme. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Minor fixes to our alternative sddm theme. References SRPMS 9/core
- sddm-theme-coffee-ng-2.0-1.2.mga9
Categorías: Actualizaciones de Seguridad
