Feed Reader

MGASA-2025-0257 - Updated libavif packages fix security vulnerabilities

Mageia Security - 4 November, 2025 - 17:13
Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48174, CVE-2025-48175
Description
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. (CVE-2025-48174)
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (CVE-2025-48175)
References
SRPMS
9/core
  • libavif-0.11.1-1.1.mga9

MGASA-2025-0256 - Updated golang packages fix security vulnerabilities

Mageia Security - 4 November, 2025 - 17:13
Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725
Description
Insufficient validation of bracketed IPv6 hostnames in net/url. (CVE-2025-47912)
Unbounded allocation when parsing GNU sparse map in archive/tar. (CVE-2025-58183)
Parsing DER payload can cause memory exhaustion in encoding/asn1. (CVE-2025-58185)
Lack of limit when parsing cookies can cause memory exhaustion in net/http. (CVE-2025-58186)
Quadratic complexity when checking name constraints in crypto/x509. (CVE-2025-58187)
Panic when validating certificates with DSA public keys in crypto/x509. (CVE-2025-58188)
ALPN negotiation error contains attacker controlled information in crypto/tls. (CVE-2025-58189)
Quadratic complexity when parsing some invalid inputs in encoding/pem. (CVE-2025-61723)
Excessive CPU consumption in Reader.ReadResponse in net/textproto. (CVE-2025-61724)
Excessive CPU consumption in ParseAddress in net/mail. (CVE-2025-61725)
These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt.
References
SRPMS
9/core
  • golang-1.24.9-1.mga9

MGASA-2025-0255 - Updated sope packages fix security vulnerability

Mageia Security - 1 November, 2025 - 00:36
Publication date: 31 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53603
Description
It was discovered that sope, the set of Objective-C frameworks powering SOGo, contains a DoS bug which could cause a crash (CVE-2025-53603).
References
SRPMS
9/core
  • sope-5.6.0-2.1.mga9

MGASA-2025-0254 - Updated bind packages fix security vulnerabilities

Mageia Security - 1 November, 2025 - 00:36
Publication date: 31 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8677, CVE-2025-40778, CVE-2025-40780
Description
Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677).
Cache poisoning attacks with unsolicited RRs (CVE-2025-40778).
Cache poisoning due to weak PRNG (CVE-2025-40780).
References
SRPMS
9/core
  • bind-9.18.39-1.1.mga9

MGASA-2025-0253 - Updated transfig packages fix security vulnerabilities

Mageia Security - 1 November, 2025 - 00:36
Publication date: 31 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46397, CVE-2025-46398, CVE-2025-46399, CVE-2025-46400
Description
fig2dev stack-overflow. (CVE-2025-46397)
fig2dev stack-overflow via read_objects. (CVE-2025-46398)
fig2dev segmentation fault vulnerability. (CVE-2025-46399)
fig2dev segmentation fault in read_arcobject. (CVE-2025-46400)
References
SRPMS
9/core
  • transfig-3.2.9a-1.1.mga9

MGASA-2025-0252 - Updated libtiff packages fix security vulnerabilities

Mageia Security - 31 October, 2025 - 21:04
Publication date: 31 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13978, CVE-2025-8176, CVE-2025-8177, CVE-2025-8534, CVE-2025-8961, CVE-2025-9165, CVE-2025-9900
Description
LibTIFF fax2ps tiff2pdf.c t2p_read_tiff_init null pointer dereference. (CVE-2024-13978)
LibTIFF tiffmedian.c get_histogram use after free. (CVE-2025-8176)
LibTIFF thumbnail.c setrow buffer overflow. (CVE-2025-8177)
libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference. (CVE-2025-8534)
LibTIFF tiffcrop tiffcrop.c main memory corruption. (CVE-2025-8961)
LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak. (CVE-2025-9165)
Libtiff: libtiff write-what-where. (CVE-2025-9900)
References
SRPMS
9/core
  • libtiff-4.5.1-1.6.mga9