Lector de Feeds

Publication date: 17 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8671 Description It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the server to consume unnecessary resources processing requests for which the response will not be delivered (CVE-2025-8671). References

• https://bugs.mageia.org/show_bug.cgi?id=34587
• https://www.openwall.com/lists/oss-security/2025/08/13/6
• https://www.openwall.com/lists/oss-security/2025/08/16/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8671

SRPMS 9/core

• varnish-7.7.3-1.mga9
• lighttpd-1.4.80-1.3.mga9

Publication date: 14 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61962 Description It was discovered that fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This event will usually cause a crash of fetchmail (CVE-2025-61962). References

• https://bugs.mageia.org/show_bug.cgi?id=34644
• https://www.openwall.com/lists/oss-security/2025/10/03/2
• https://www.openwall.com/lists/oss-security/2025/10/04/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61962

SRPMS 9/core

• fetchmail-6.5.6-1.mga9

Publication date: 14 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description Viking no longer downloads Open Street Maps map tiles. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34660
• https://github.com/viking-gps/viking/issues/339

SRPMS 9/core

• viking-1.10-2.1.mga9