Lector de Feeds

Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13012 , CVE-2025-13013 , CVE-2025-13014 , CVE-2025-13015 , CVE-2025-13016 , CVE-2025-13017 , CVE-2025-13018 , CVE-2025-13019 , CVE-2025-13020 Description Race condition in the Graphics component. (CVE-2025-13012) Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013) CVE-2025-13014: Use-after-free in the Audio/Video component. (CVE-2025-13014) Spoofing issue in Firefox. (CVE-2025-13015) Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016) Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017) Mitigation bypass in the DOM: Security component. (CVE-2025-13018) Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019) Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020) References

• https://bugs.mageia.org/show_bug.cgi?id=34743
• https://www.thunderbird.net/en-US/thunderbird/140.5.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-91/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020

SRPMS 9/core

• thunderbird-140.5.0-1.mga9
• thunderbird-l10n-140.5.0-1.mga9

Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57812 , CVE-2025-64503 Description CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`. (CVE-2025-57812) cups-filters 1.x: out of bounds write in pdftoraster. (CVE-2025-64503) References

• https://bugs.mageia.org/show_bug.cgi?id=34746
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57812
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64503

SRPMS 9/core

• cups-filters-1.28.16-6.2.mga9

Publication date: 19 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42472 Description Flatpak may allow access to files outside sandbox for certain apps. (CVE-2024-42472). References

• https://bugs.mageia.org/show_bug.cgi?id=33510
• https://openwall.com/lists/oss-security/2024/08/14/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42472

SRPMS 9/core

• flatpak-1.14.10-1.mga9
• bubblewrap-0.7.0-1.1.mga9

Publication date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-12817 , CVE-2025-12818 Description PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. (CVE-2025-12817) PostgreSQL libpq undersizes allocations, via integer wraparound. (CVE-2025-12818) References

• https://bugs.mageia.org/show_bug.cgi?id=34752
• https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818

SRPMS 9/core

• postgresql15-15.15-1.mga9
• postgresql13-13.23-1.mga9

Publication date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42516 , CVE-2024-43204 , CVE-2024-47252 , CVE-2025-49630 , CVE-2025-23048 , CVE-2025-49812 , CVE-2025-53020 , CVE-2025-54090 Description HTTP response splitting. (CVE-2024-42516) SSRF with mod_headers setting Content-Type header. (CVE-2024-43204) mod_ssl error log variable escaping. (CVE-2024-47252) mod_proxy_http2 denial of service. (CVE-2025-49630) mod_ssl access control bypass with session resumption. (CVE-2025-23048) mod_ssl TLS upgrade attack. (CVE-2025-49812) HTTP/2 DoS by Memory Increase. (CVE-2025-53020) 'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090) You will find the update delay sometimes causes a failure; just restart the service after the update. References

• https://bugs.mageia.org/show_bug.cgi?id=34464
• https://www.openwall.com/lists/oss-security/2025/07/10/2
• https://www.openwall.com/lists/oss-security/2025/07/10/3
• https://www.openwall.com/lists/oss-security/2025/07/10/4
• https://www.openwall.com/lists/oss-security/2025/07/10/6
• https://www.openwall.com/lists/oss-security/2025/07/10/7
• https://www.openwall.com/lists/oss-security/2025/07/10/8
• https://www.openwall.com/lists/oss-security/2025/07/10/9
• https://www.openwall.com/lists/oss-security/2025/07/10/10
• https://www.openwall.com/lists/oss-security/2025/07/24/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54090

SRPMS 9/core

• apache-2.4.65-1.mga9

Publication date: 17 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13012 , CVE-2025-13013 , CVE-2025-13014 , CVE-2025-13015 , CVE-2025-13016 , CVE-2025-13017 , CVE-2025-13018 , CVE-2025-13019 , CVE-2025-13020 Description Race condition in the Graphics component. (CVE-2025-13012) Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013) CVE-2025-13014: Use-after-free in the Audio/Video component. (CVE-2025-13014) Spoofing issue in Firefox. (CVE-2025-13015) Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016) Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017) Mitigation bypass in the DOM: Security component. (CVE-2025-13018) Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019) Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020) References

• https://bugs.mageia.org/show_bug.cgi?id=34742
• https://www.firefox.com/en-US/firefox/140.5.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020

SRPMS 9/core

• firefox-140.5.0-1.mga9
• firefox-l10n-140.5.0-1.mga9