Lector de Feeds

MGASA-2025-0201 - Updated rootcerts, nss & firefox packages fix security vulnerabilities

Mageia Security - Hace 12 horas 44 minutos
Publication date: 02 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6424 , CVE-2025-6425 , CVE-2025-6429 , CVE-2025-6430 Description CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. CVE-2025-6429: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. CVE-2025-6430: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerable to a cross-site scripting attack. We can't yet ship this update to the armv7hl architecture; we are investigating the issue and will try to update firefox for armv7hl as soon as possible. References SRPMS 9/core
  • firefox-128.12.0-1.1.mga9
  • firefox-l10n-128.12.0-1.1.mga9
  • rootcerts-20250613.00-1.mga9
  • nss-3.113.0-1.mga9

MGASA-2025-0200 - Updated libarchive packages fix security vulnerabilities

Mageia Security - 2 Julio, 2025 - 18:04
Publication date: 02 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5914 , CVE-2025-5915 , CVE-2025-5916 , CVE-2025-5917 Description Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c. (CVE-2025-5914) Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c. (CVE-2025-5915) Integer overflow while reading warc files at archive_read_support_format_warc.c. (CVE-2025-5916) Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c. (CVE-2025-5917) References SRPMS 9/core
  • libarchive-3.6.2-5.5.mga9
Feed