Feed Reader
MGASA-2025-0289 - Updated python-py packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2022-42969
Description: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. (CVE-2022-42969)
References
- https://bugs.mageia.org/show_bug.cgi?id=31458
- https://lists.suse.com/pipermail/sle-security-updates/2023-January/013536.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ELXQR2N4BOTGP4YQAZGZJDQMETKR6DWY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42969
- python-py-1.11.0-2.1.mga9
Categories: Security Updates
MGASA-2025-0288 - Updated python-setuptools packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47273
Description: Setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write. (CVE-2025-47273)
References
- https://bugs.mageia.org/show_bug.cgi?id=34390
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ375SF7FQYZCXBVGMYYQXBL5RK5ORGD/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47273
- python-setuptools-65.5.0-3.2.mga9
Categories: Security Updates
MGASA-2025-0287 - Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-2467
Description: Perl-crypt-openssl-rsa: side-channel attack in PKCS#1 v1.5 padding mode (Marvin attack). (CVE-2024-2467)
References
- https://bugs.mageia.org/show_bug.cgi?id=34406
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5ZZGII2VWUPCN72PQNW3EQIGG3EPVBL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2467
- perl-Crypt-OpenSSL-RSA-0.330.0-1.1.mga9
Categories: Security Updates
MGASA-2025-0286 - Updated python-flask-cors packages fix security vulnerabilities
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-1681, CVE-2024-6221, CVE-2024-6839, CVE-2024-6844, CVE-2024-6866
Description:
Log Injection Vulnerability in corydolphin/flask-cors. (CVE-2024-1681)
Improper Access Control in corydolphin/flask-cors. (CVE-2024-6221)
Improper Regex Path Matching in corydolphin/flask-cors. (CVE-2024-6839)
Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors. (CVE-2024-6844)
Case-Insensitive Path Matching in corydolphin/flask-cors. (CVE-2024-6866)
References
- https://bugs.mageia.org/show_bug.cgi?id=34424
- https://ubuntu.com/security/notices/USN-7612-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1681
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6866
- python-flask-cors-3.0.10-1.1.mga9
Categories: Security Updates
MGASA-2025-0285 - Updated perl-Authen-SASL packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40918
Description: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. (CVE-2025-40918)
References
- https://bugs.mageia.org/show_bug.cgi?id=34489
- https://www.openwall.com/lists/oss-security/2025/07/16/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40918
- perl-Authen-SASL-2.160.0-13.1.mga9
Categories: Security Updates
MGASA-2025-0284 - Updated perl-Cpanel-JSON-XS packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40929
Description: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. (CVE-2025-40929)
References
- https://bugs.mageia.org/show_bug.cgi?id=34627
- https://www.openwall.com/lists/oss-security/2025/09/08/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40929
- perl-Cpanel-JSON-XS-4.350.0-1.1.mga9
Categories: Security Updates
MGASA-2025-0283 - Updated perl-JSON-XS packages fix security vulnerability
Publication date: 13 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40928
Description: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. (CVE-2025-40928)
References
- https://bugs.mageia.org/show_bug.cgi?id=34628
- https://www.openwall.com/lists/oss-security/2025/09/08/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40928
- perl-JSON-XS-4.30.0-5.1.mga9
Categories: Security Updates
MGASA-2025-0282 - Updated python-tornado packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47287
Description: Tornado vulnerable to excessive logging caused by malformed multipart form data. (CVE-2025-47287)
References
- https://bugs.mageia.org/show_bug.cgi?id=34343
- https://ubuntu.com/security/notices/USN-7547-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287
- python-tornado-6.3.2-1.2.mga9
Categories: Security Updates
MGASA-2025-0281 - Updated python-urllib3 & python-pip packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-50181
Description: Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. (CVE-2025-50181)
References
- https://bugs.mageia.org/show_bug.cgi?id=34401
- https://ubuntu.com/security/notices/USN-7599-1
- https://ubuntu.com/security/notices/USN-7599-2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181
- python-urllib3-1.26.20-1.1.mga9
- python-pip-23.0.1-1.2.mga9
Categories: Security Updates
MGASA-2025-0280 - Updated python3 packages fix security vulnerabilities
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0938, CVE-2025-1795, CVE-2024-9287, CVE-2025-4516, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517, CVE-2025-8194
Description:
URL parser allowed square brackets in domain names. (CVE-2025-0938)
Mishandling of comma during folding and unicode-encoding of email headers. (CVE-2025-1795)
Virtual environment (venv) activation scripts don't quote paths. (CVE-2024-9287)
Use-after-free in "unicode_escape" decoder with error handler. (CVE-2025-4516)
Bypass extraction filter to modify file metadata outside extraction directory. (CVE-2024-12718)
Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory. (CVE-2025-4138)
Extraction filter bypass for linking outside extraction directory. (CVE-2025-4330)
Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435)
Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517)
Tarfile infinite loop during parsing with negative member offset. (CVE-2025-8194)
References
- https://bugs.mageia.org/show_bug.cgi?id=34285
- https://bugs.mageia.org/show_bug.cgi?id=34007
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FRAYUVWW2DYX7RTRPVFLFADRHABRVQN/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NNC4GZYGFZ76A7NUZ5BG2CMGVR32LXCG/
- https://ubuntu.com/security/notices/USN-7488-1
- https://www.openwall.com/lists/oss-security/2025/05/16/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUW6UXZQE7B4PPK3PK3NZAWP5PVOU5L3/
- https://www.openwall.com/lists/oss-security/2025/06/24/1
- https://www.openwall.com/lists/oss-security/2025/07/28/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12718
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194
- python3-3.10.18-1.4.mga9
Categories: Security Updates
MGASA-2025-0279 - Updated perl-Data-Entropy packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-1860
Description: Data::Entropy for Perl uses insecure rand() function for cryptographic functions. (CVE-2025-1860)
References
- https://bugs.mageia.org/show_bug.cgi?id=34212
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77JMVPALVOSZWBL54FOO42D3RMLW2DLP/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1860
- perl-Data-Entropy-0.7.0-10.1.mga9
Categories: Security Updates
MGASA-2025-0278 - Updated perl-File-Find-Rule packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2011-10007
Description: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name. (CVE-2011-10007)
References
- https://bugs.mageia.org/show_bug.cgi?id=34352
- https://www.openwall.com/lists/oss-security/2025/06/05/4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IU76LFGXLXKYPWUGOA3WJD5MKZXGVV6/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10007
- perl-File-Find-Rule-0.340.0-5.1.mga9
Categories: Security Updates
MGASA-2025-0277 - Updated perl-FCGI packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40907
Description: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. (CVE-2025-40907)
References
- https://bugs.mageia.org/show_bug.cgi?id=34355
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVJG5HEXJS2X62ZHSO26DXTMOVBYTU4V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40907
- perl-FCGI-0.820.0-3.1.mga9
Categories: Security Updates
MGASA-2025-0276 - Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-31484, CVE-2023-31486
Description:
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484)
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486)
References
- https://bugs.mageia.org/show_bug.cgi?id=31852
- https://www.openwall.com/lists/oss-security/2023/04/29/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486
- perl-CPAN-2.340.0-1.1.mga9
- perl-HTTP-Tiny-0.82.0-1.1.mga9
Categories: Security Updates
MGASA-2025-0275 - Updated perl-YAML-LibYAML packages fix security vulnerability
Publication date: 12 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-40908
Description: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. (CVE-2025-40908)
References
- https://bugs.mageia.org/show_bug.cgi?id=34448
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKC72252CNE2PZENAI7UN24YB5X2Z5EK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40908
- perl-YAML-LibYAML-0.860.0-1.1.mga9
Categories: Security Updates




