Lector de Feeds
MGAA-2025-0087 - Updated simgear, flightgear and flightgear-data packages fix bugs
Publication date: 24 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed multiple shader bugs that were causing graphical artifacts and vegetation to not be visible Fixed a bug where messages from ATC were appearing on the splash screen before the user had fully spawned Fixed a bug in the launcher where dropdown boxes on the Flight Planner page were empty Fixed a memory bug in YASim that resulted in a crash under certain conditions Fixed missing maps in the FG1000 Fixed regional textures for random buildings Fixed minimum dewpoint calculation in JSBSim Fixed SID/STAR selection and modification in the route manager References
Type: bugfix
Affected Mageia releases : 9
Description Fixed multiple shader bugs that were causing graphical artifacts and vegetation to not be visible Fixed a bug where messages from ATC were appearing on the splash screen before the user had fully spawned Fixed a bug in the launcher where dropdown boxes on the Flight Planner page were empty Fixed a memory bug in YASim that resulted in a crash under certain conditions Fixed missing maps in the FG1000 Fixed regional textures for random buildings Fixed minimum dewpoint calculation in JSBSim Fixed SID/STAR selection and modification in the route manager References
- https://bugs.mageia.org/show_bug.cgi?id=34659
- https://www.flightgear.org/download/releases/2024-1-2/
- simgear-2024.1.2-1.mga9
- flightgear-2024.1.2-1.mga9
- flightgear-data-2024.1.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0247 - Updated thunderbird packgaes fix security vulnerabilities
Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References
- https://bugs.mageia.org/show_bug.cgi?id=34638
- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
- https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
- https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715
- thunderbird-140.4.0-1.2.mga9
- thunderbird-l10n-140.4.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0246 - Updated firefox, nss & rootcerts fix security vulnerabilities
Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References
- https://bugs.mageia.org/show_bug.cgi?id=34637
- https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html
- https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html
- https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715
- nss-3.117.0-1.mga9
- rootcerts-20251003.00-1.mga9
- firefox-140.4.0-1.2.mga9
- firefox-l10n-140.4.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0245 - Updated nginx package fixes security vulnerability
Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53859 Description It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server (CVE-2025-53859). References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53859 Description It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server (CVE-2025-53859). References
- https://bugs.mageia.org/show_bug.cgi?id=34585
- https://www.openwall.com/lists/oss-security/2025/08/13/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53859
- nginx-1.26.3-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0244 - Updated openssl packages fix a security vulnerability
Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9230 Description Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9230 Description Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230) References
- https://bugs.mageia.org/show_bug.cgi?id=34643
- https://www.openwall.com/lists/oss-security/2025/09/30/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
- openssl-3.0.18-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0243 - Updated python-django packages fix a security vulnerability
Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59681 , CVE-2025-59682 Description An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). (CVE-2025-59681) An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. (CVE-2025-59682) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-59681 , CVE-2025-59682 Description An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB). (CVE-2025-59681) An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory. (CVE-2025-59682) References
- https://bugs.mageia.org/show_bug.cgi?id=34645
- https://www.openwall.com/lists/oss-security/2025/10/01/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59682
- python-django-4.1.13-1.7.mga9
Categorías: Actualizaciones de Seguridad
