Lector de Feeds
MGASA-2025-0321 - Updated xkbcomp packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-15853 , CVE-2018-15859 , CVE-2018-15861 , CVE-2018-15863 Description Endless recursion in xkbcomp/expr.c resulting in a crash. (CVE-2018-15853) NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. (CVE-2018-15859) NULL pointer dereference in ExprResolveLhs resulting in a crash. (CVE-2018-15861) NULL pointer dereference in ResolveStateAndPredicate resulting in a crash. (CVE-2018-15863) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-15853 , CVE-2018-15859 , CVE-2018-15861 , CVE-2018-15863 Description Endless recursion in xkbcomp/expr.c resulting in a crash. (CVE-2018-15853) NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. (CVE-2018-15859) NULL pointer dereference in ExprResolveLhs resulting in a crash. (CVE-2018-15861) NULL pointer dereference in ResolveStateAndPredicate resulting in a crash. (CVE-2018-15863) References
- https://bugs.mageia.org/show_bug.cgi?id=34796
- https://www.openwall.com/lists/oss-security/2025/12/03/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
- xkbcomp-1.4.6-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0320 - Updated python-django packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13372 , CVE-2025-64460 Description Potential SQL injection in FilteredRelation column aliases on PostgreSQL. (CVE-2025-13372) Potential denial-of-service vulnerability in XML serializer text extraction. (CVE-2025-64460) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13372 , CVE-2025-64460 Description Potential SQL injection in FilteredRelation column aliases on PostgreSQL. (CVE-2025-13372) Potential denial-of-service vulnerability in XML serializer text extraction. (CVE-2025-64460) References
- https://bugs.mageia.org/show_bug.cgi?id=34795
- https://www.openwall.com/lists/oss-security/2025/12/02/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
- python-django-4.1.13-1.9.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0319 - Updated webkit2 packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43392 , CVE-2025-43419 , CVE-2025-43425 , CVE-2025-43427 , CVE-2025-43429 , CVE-2025-43430 , CVE-2025-43431 , CVE-2025-43432 , CVE-2025-43434 , CVE-2025-43440 , CVE-2025-43443 , CVE-2025-43421 Description The updated packages fix security vulnerabilities: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43392 , CVE-2025-43419 , CVE-2025-43425 , CVE-2025-43427 , CVE-2025-43429 , CVE-2025-43430 , CVE-2025-43431 , CVE-2025-43432 , CVE-2025-43434 , CVE-2025-43440 , CVE-2025-43443 , CVE-2025-43421 Description The updated packages fix security vulnerabilities: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421. References
- https://bugs.mageia.org/show_bug.cgi?id=34792
- https://webkitgtk.org/security/WSA-2025-0008.html
- https://webkitgtk.org/2025/11/19/webkitgtk2.50.2-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43425
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43432
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43440
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43443
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43421
- webkit2-2.50.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0318 - Updated unbound packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411 Description Possible domain hijacking via promiscuous records in the authority section. (CVE-2025-11411). Previous fixes for CVE-2025-11411 released with Unbound 1.24.1 were not complete. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411 Description Possible domain hijacking via promiscuous records in the authority section. (CVE-2025-11411). Previous fixes for CVE-2025-11411 released with Unbound 1.24.1 were not complete. References
- https://bugs.mageia.org/show_bug.cgi?id=34785
- https://advisories.mageia.org/MGASA-2025-0273.html
- https://www.openwall.com/lists/oss-security/2025/11/26/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411
- unbound-1.24.2-1.mga9
Categorías: Actualizaciones de Seguridad
