Lector de Feeds

revert perl-Test-LeakTrace was already listed in previous section

← Older revision Revision as of 12:08, 26 July 2025 (One intermediate revision by the same user not shown)(No difference) Tv

Publication date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-52886 Description poppler uses std::atomic_int for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. References

• https://bugs.mageia.org/show_bug.cgi?id=34485
• https://www.openwall.com/lists/oss-security/2025/07/11/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52886

SRPMS 9/core

• poppler-23.02.0-1.7.mga9

Publication date: 25 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32462 , CVE-2025-32463 Description CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option. References

• https://bugs.mageia.org/show_bug.cgi?id=34409
• https://www.openwall.com/lists/oss-security/2025/06/30/2
• https://www.openwall.com/lists/oss-security/2025/06/30/3
• https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32462
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32463

SRPMS 9/core

• sudo-1.9.15p5-1.1.mga9