Lector de Feeds
MGASA-2025-0145 - Updated tomcat packages fix security vulnerabilities
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650 , CVE-2025-31651 Description DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650) Bypass of rules in Rewrite Valve. (CVE-2025-31651) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31650 , CVE-2025-31651 Description DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650) Bypass of rules in Rewrite Valve. (CVE-2025-31651) References
- https://bugs.mageia.org/show_bug.cgi?id=34231
- https://www.openwall.com/lists/oss-security/2025/04/28/2
- https://www.openwall.com/lists/oss-security/2025/04/28/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31650
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651
- tomcat-9.0.104-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0144 - Updated fcgi packages fix security vulnerability
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23016 Description FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23016 Description FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016) References
- https://bugs.mageia.org/show_bug.cgi?id=34222
- https://www.openwall.com/lists/oss-security/2025/04/23/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23016
- fcgi-2.4.0-22.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0143 - Updated poppler packages fix security vulnerabilitiy
Publication date: 05 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903 Description NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43903 Description NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903) References
- https://bugs.mageia.org/show_bug.cgi?id=34238
- https://ubuntu.com/security/notices/USN-7471-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43903
- poppler-23.02.0-1.6.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2025-0044 - Updated mariadb packages fix bug
Publication date: 05 May 2025
Type: bugfix
Affected Mageia releases : 9
Description Due to an script error introduced in the previous update mariadb server was not able to start on a clean install. Updated installations were not affected. However, this update makes mariadb work on clean and updated installations. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Due to an script error introduced in the previous update mariadb server was not able to start on a clean install. Updated installations were not affected. However, this update makes mariadb work on clean and updated installations. References SRPMS 9/core
- mariadb-11.4.5-3.mga9
Categorías: Actualizaciones de Seguridad
