Lector de Feeds
MGASA-2025-0308 - Updated konsole packages fix security vulnerability
Publication date: 21 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49091 Description KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code. (CVE-2025-49091) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49091 Description KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code. (CVE-2025-49091) References
- https://bugs.mageia.org/show_bug.cgi?id=34364
- https://www.openwall.com/lists/oss-security/2025/06/10/5
- https://lists.debian.org/debian-security-announce/2025/msg00109.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49091
- konsole-23.04.3-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0307 - Updated redis packages fix security vulnerabilities
Publication date: 21 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49844 , CVE-2025-46817 , CVE-2025-46818 , CVE-2025-46819 Description A Lua script may lead to remote code execution. (CVE-2025-49844) A Lua script may lead to integer overflow and potential RCE. (CVE-2025-46817) A Lua script can be executed in the context of another user. (CVE-2025-46818) LUA out-of-bound read. (CVE-2025-46819) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49844 , CVE-2025-46817 , CVE-2025-46818 , CVE-2025-46819 Description A Lua script may lead to remote code execution. (CVE-2025-49844) A Lua script may lead to integer overflow and potential RCE. (CVE-2025-46817) A Lua script can be executed in the context of another user. (CVE-2025-46818) LUA out-of-bound read. (CVE-2025-46819) References
- https://bugs.mageia.org/show_bug.cgi?id=34650
- https://www.openwall.com/lists/oss-security/2025/10/07/2
- https://github.com/redis/redis/releases/tag/7.2.11
- https://github.com/redis/redis/releases/tag/7.2.12
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46817
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46818
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46819
- redis-7.2.12-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0306 - Updated ffmpeg packages fix security vulnerabilities
Publication date: 21 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-50007 , CVE-2023-50008 , CVE-2023-6602 , CVE-2023-6604 , CVE-2023-6605 , CVE-2024-31582 , CVE-2024-35367 , CVE-2025-59728 , CVE-2025-59731 , CVE-2025-59732 , CVE-2025-59733 , CVE-2025-7700 Description FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. (CVE-2023-50007) FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. (CVE-2023-50008) Improper handling of input format in tty demuxer of ffmpeg. (CVE-2023-6602) Hls xbin demuxer dos amplification in ffmpeg. (CVE-2023-6604) Dash playlist ssrf vulnerability in ffmpeg. (CVE-2023-6605) FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. (CVE-2024-31582) FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer. (CVE-2024-35367) Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path. (CVE-2025-59728) Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress. (CVE-2025-59731, CVE-2025-59732, CVE-2025-59733) Null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c). (CVE-2025-7700) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-50007 , CVE-2023-50008 , CVE-2023-6602 , CVE-2023-6604 , CVE-2023-6605 , CVE-2024-31582 , CVE-2024-35367 , CVE-2025-59728 , CVE-2025-59731 , CVE-2025-59732 , CVE-2025-59733 , CVE-2025-7700 Description FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. (CVE-2023-50007) FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. (CVE-2023-50008) Improper handling of input format in tty demuxer of ffmpeg. (CVE-2023-6602) Hls xbin demuxer dos amplification in ffmpeg. (CVE-2023-6604) Dash playlist ssrf vulnerability in ffmpeg. (CVE-2023-6605) FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. (CVE-2024-31582) FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer. (CVE-2024-35367) Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path. (CVE-2025-59728) Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress. (CVE-2025-59731, CVE-2025-59732, CVE-2025-59733) Null pointer dereference in ffmpeg als decoder (libavcodec/alsdec.c). (CVE-2025-7700) References
- https://bugs.mageia.org/show_bug.cgi?id=34757
- https://ffmpeg.org/security.html
- https://lists.debian.org/debian-security-announce/2025/msg00149.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6602
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6604
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6605
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31582
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35367
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7700
- ffmpeg-5.1.7-1.mga9
- ffmpeg-5.1.7-1.mga9.tainted
Categorías: Actualizaciones de Seguridad
MGASA-2025-0305 - Updated thunderbird packages fix security vulnerabilities
Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13012 , CVE-2025-13013 , CVE-2025-13014 , CVE-2025-13015 , CVE-2025-13016 , CVE-2025-13017 , CVE-2025-13018 , CVE-2025-13019 , CVE-2025-13020 Description Race condition in the Graphics component. (CVE-2025-13012) Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013) CVE-2025-13014: Use-after-free in the Audio/Video component. (CVE-2025-13014) Spoofing issue in Firefox. (CVE-2025-13015) Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016) Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017) Mitigation bypass in the DOM: Security component. (CVE-2025-13018) Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019) Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13012 , CVE-2025-13013 , CVE-2025-13014 , CVE-2025-13015 , CVE-2025-13016 , CVE-2025-13017 , CVE-2025-13018 , CVE-2025-13019 , CVE-2025-13020 Description Race condition in the Graphics component. (CVE-2025-13012) Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013) CVE-2025-13014: Use-after-free in the Audio/Video component. (CVE-2025-13014) Spoofing issue in Firefox. (CVE-2025-13015) Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016) Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017) Mitigation bypass in the DOM: Security component. (CVE-2025-13018) Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019) Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020) References
- https://bugs.mageia.org/show_bug.cgi?id=34743
- https://www.thunderbird.net/en-US/thunderbird/140.5.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020
- thunderbird-140.5.0-1.mga9
- thunderbird-l10n-140.5.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0304 - Updated cups-filters packages fix security vulnerabilities
Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57812 , CVE-2025-64503 Description CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`. (CVE-2025-57812) cups-filters 1.x: out of bounds write in pdftoraster. (CVE-2025-64503) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57812 , CVE-2025-64503 Description CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`. (CVE-2025-57812) cups-filters 1.x: out of bounds write in pdftoraster. (CVE-2025-64503) References
- https://bugs.mageia.org/show_bug.cgi?id=34746
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503
- cups-filters-1.28.16-6.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0303 - Updated flatpak & bubblewrap packages fix security vulnerability
Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42472 Description Flatpak may allow access to files outside sandbox for certain apps. (CVE-2024-42472). References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42472 Description Flatpak may allow access to files outside sandbox for certain apps. (CVE-2024-42472). References
- https://bugs.mageia.org/show_bug.cgi?id=33510
- https://openwall.com/lists/oss-security/2024/08/14/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472
- flatpak-1.14.10-1.mga9
- bubblewrap-0.7.0-1.1.mga9
Categorías: Actualizaciones de Seguridad
