Feed Reader
MGASA-2026-0012 - Updated gimp packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-2760, CVE-2025-2761, CVE-2025-48797, CVE-2025-48798, CVE-2025-10934, CVE-2025-14422, CVE-2025-14425
Description
XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-2760)
FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. (CVE-2025-2761)
Multiple heap buffer overflows in tga parser. (CVE-2025-48797)
Multiple use after free in xcf parser. (CVE-2025-48798)
XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-10934)
PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. (CVE-2025-14422)
JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-14425)
References
- https://bugs.mageia.org/show_bug.cgi?id=34363
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DVVZTOVQSBY5ON5P7HYQIXK2OLMSUEH5/
- https://lists.debian.org/debian-lts-announce/2025/11/msg00005.html
- https://lists.debian.org/debian-security-announce/2025/msg00103.html
- https://lists.debian.org/debian-security-announce/2026/msg00001.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2760
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10934
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14422
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14425
- gimp-2.10.36-1.1.mga9
Categories: Security Updates
MGASA-2026-0011 - Updated python-urllib3 packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-66418, CVE-2026-21441
Description
urllib3 allows an unbounded number of links in the decompression chain. (CVE-2025-66418)
urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API). (CVE-2026-21441)
References
- https://bugs.mageia.org/show_bug.cgi?id=34809
- https://www.openwall.com/lists/oss-security/2025/12/05/4
- https://ubuntu.com/security/notices/USN-7955-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21441
- python-urllib3-1.26.20-1.2.mga9
Categories: Security Updates
MGASA-2026-0010 - Updated libpng packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-22695, CVE-2026-22801
Description
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix). (CVE-2026-22695)
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*. (CVE-2026-22801)
References
- https://bugs.mageia.org/show_bug.cgi?id=34986
- https://www.openwall.com/lists/oss-security/2026/01/12/7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
- libpng-1.6.38-1.3.mga9
Categories: Security Updates
MGASA-2026-0009 - Updated nodejs packages fix security vulnerabilities
Publication date: 17 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-59465, CVE-2025-59466, CVE-2025-55130, CVE-2025-55131, CVE-2025-55132, CVE-2026-21637
Description
Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. (CVE-2025-59465)
Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers. (CVE-2025-59466)
Bypass File System Permissions using crafted symlinks. (CVE-2025-55130)
Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled. (CVE-2025-55131)
fs.futimes() Bypasses Read-Only Permission Model. (CVE-2025-55132)
TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak. (CVE-2026-21637)
References
- https://bugs.mageia.org/show_bug.cgi?id=34995
- https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
- https://nodejs.org/en/blog/release/v22.22.0
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21637
- nodejs-22.22.0-1.mga9
Categories: Security Updates
MGAA-2026-0006 - Updated v4l2loopback packages fix bug
Publication date: 17 Jan 2026
Type: bugfix
Affected Mageia releases: 9
Description
Backported kernel 6.18 requires an updated version (mga#34962). Additionally, some bugs and issues have been fixed.
References
- https://bugs.mageia.org/show_bug.cgi?id=34980
- https://github.com/v4l2loopback/v4l2loopback/issues/653
- v4l2loopback-0.15.3-1.mga9
Categories: Security Updates




