Lector de Feeds

Ulri

Wiki Mageia - 18 Octubre, 2025 - 19:55

Redirect to iurt

New page

#REDIRECT [[Iurt]] Danf
Categorías: Wiki de Mageia

MGASA-2025-0240 - Updated expat packages fix security vulnerabilities

Mageia Security - 18 Octubre, 2025 - 17:49
Publication date: 18 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8176 , CVE-2025-59375 Description Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176) This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete. Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. (CVE-2025-59375) References SRPMS 9/core
  • expat-2.7.3-1.mga9

MGASA-2025-0239 - Updated varnish & lighttpd packages fix security vulnerability

Mageia Security - 17 Octubre, 2025 - 02:40
Publication date: 17 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8671 Description It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing the server to consume unnecessary resources processing requests for which the response will not be delivered (CVE-2025-8671). References SRPMS 9/core
  • varnish-7.7.3-1.mga9
  • lighttpd-1.4.80-1.3.mga9

MGASA-2025-0238 - Updated fetchmail package fixes security vulnerability

Mageia Security - 14 Octubre, 2025 - 18:45
Publication date: 14 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61962 Description It was discovered that fetchmail's SMTP client, when configured to authenticate, is susceptible to a protocol violation where, when a trusted but malicious or malfunctioning SMTP server responds to an authentication request with a "334" code but without a following blank on the line, it will attempt to start reading from memory address 0x1 to parse the server's SASL challenge. This event will usually cause a crash of fetchmail (CVE-2025-61962). References SRPMS 9/core
  • fetchmail-6.5.6-1.mga9
Feed