Lector de Feeds

Publication date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-52886 Description poppler uses std::atomic_int for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. References

• https://bugs.mageia.org/show_bug.cgi?id=34485
• https://www.openwall.com/lists/oss-security/2025/07/11/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52886

SRPMS 9/core

• poppler-23.02.0-1.7.mga9

Publication date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32462 , CVE-2025-32463 Description CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option. References

• https://bugs.mageia.org/show_bug.cgi?id=34409
• https://www.openwall.com/lists/oss-security/2025/06/30/2
• https://www.openwall.com/lists/oss-security/2025/06/30/3
• https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463

SRPMS 9/core

• sudo-1.9.15p5-1.1.mga9

Publication date: 25 Jul 2025
Type: bugfix
Affected Mageia releases : 9
Description This is a bugfix update that sync the driver with the nvidia latest release. References

• https://bugs.mageia.org/show_bug.cgi?id=34499
• https://www.nvidia.com/en-us/drivers/details/249194/

SRPMS 9/core

• ldetect-lst-0.6.61-1.mga9

9/nonfree

• nvidia-current-570.172.08-2.mga9.nonfree