Lector de Feeds
MGASA-2026-0010 - Updated libpng packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-22695 , CVE-2026-22801 Description LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix). (CVE-2026-22695) LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*. (CVE-2026-22801) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-22695 , CVE-2026-22801 Description LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix). (CVE-2026-22695) LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*. (CVE-2026-22801) References
- https://bugs.mageia.org/show_bug.cgi?id=34986
- https://www.openwall.com/lists/oss-security/2026/01/12/7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
- libpng-1.6.38-1.3.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0009 - Updated nodejs packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59465 , CVE-2025-59466 , CVE-2025-55130 , CVE-2025-55131 , CVE-2025-55132 , CVE-2026-21637 Description Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. (CVE-2025-59465) Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers. (CVE-2025-59466) Bypass File System Permissions using crafted symlinks. (CVE-2025-55130) Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled. (CVE-2025-55131) fs.futimes() Bypasses Read-Only Permission Model. (CVE-2025-55132) TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak. (CVE-2026-21637) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59465 , CVE-2025-59466 , CVE-2025-55130 , CVE-2025-55131 , CVE-2025-55132 , CVE-2026-21637 Description Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. (CVE-2025-59465) Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers. (CVE-2025-59466) Bypass File System Permissions using crafted symlinks. (CVE-2025-55130) Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled. (CVE-2025-55131) fs.futimes() Bypasses Read-Only Permission Model. (CVE-2025-55132) TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak. (CVE-2026-21637) References
- https://bugs.mageia.org/show_bug.cgi?id=34995
- https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
- https://nodejs.org/en/blog/release/v22.22.0
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637
- nodejs-22.22.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2026-0006 - Updated v4l2loopback packages fix bug
Publication date: 17 Jan 2026
Type: bugfix
Affected Mageia releases : 9
Description Backported kernel 6.18 requires an updated version (mga#34962). Additionally some bugs and issues have been fixed. References
Type: bugfix
Affected Mageia releases : 9
Description Backported kernel 6.18 requires an updated version (mga#34962). Additionally some bugs and issues have been fixed. References
- https://bugs.mageia.org/show_bug.cgi?id=34980
- https://github.com/v4l2loopback/v4l2loopback/issues/653
- v4l2loopback-0.15.3-1.mga9
Categorías: Actualizaciones de Seguridad
