Lector de Feeds

MGASA-2026-0134 - Updated redis packages fix security vulnerabilities

Mageia Security - 14 Mayo, 2026 - 03:43
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23479 , CVE-2026-23631 , CVE-2026-25243 , CVE-2026-25588 , CVE-2026-25589 Description (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution. (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injecting rn sequences into a Redis error reply References SRPMS 9/core
  • redis-7.2.14-1.mga9

MGASA-2026-0132 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerability

Mageia Security - 13 Mayo, 2026 - 17:38
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43284 Description Upstream kernel version 6.6.138 fixes a vulnerability. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel. References SRPMS 9/core
  • kernel-6.6.138-1.mga9
  • kmod-virtualbox-7.1.18-19.mga9
  • kmod-xtables-addons-3.24-91.mga9

MGASA-2026-0131 - Updated kernel-linus packages fix security vulnerability

Mageia Security - 13 Mayo, 2026 - 17:38
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43284 Description Vanilla upstream kernel version 6.6.138 fixes vulnerability. For information about the vulnerability see the links. References SRPMS 9/core
  • kernel-linus-6.6.138-1.mga9

MGASA-2026-0130 - Updated perl-Gazelle packages fix security vulnerability

Mageia Security - 13 Mayo, 2026 - 08:00
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-40562 Description Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. (CVE-2026-40562) References SRPMS 9/core
  • perl-Gazelle-0.490.0-5.1.mga9

MGASA-2026-0129 - Updated apache packages fix security vulnerabilities

Mageia Security - 13 Mayo, 2026 - 08:00
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23918 , CVE-2026-24072 , CVE-2026-28780 , CVE-2026-29168 , CVE-2026-29169 , CVE-2026-33006 , CVE-2026-33007 , CVE-2026-33523 , CVE-2026-33857 , CVE-2026-34032 , CVE-2026-34059 Description http2: double free and possible RCE on early reset. (CVE-2026-23918) mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072) buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). (CVE-2026-28780) mod_md unrestricted OCSP response. (CVE-2026-29168) mod_dav_lock indirect lock crash. (CVE-2026-29169) mod_auth_digest timing attack. (CVE-2026-33006) mod_authn_socache crash. (CVE-2026-33007) HTTP response splitting forwarding malicious status line. (CVE-2026-33523) Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857) Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string). (CVE-2026-34032) Heap Over-Read and memory disclosure in ajp_parse_data(). (CVE-2026-34059) References SRPMS 9/core
  • apache-2.4.67-1.mga9

MGASA-2026-0127 - Updated php packages fix security vulnerabilities

Mageia Security - 13 Mayo, 2026 - 08:00
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6735 , CVE-2026-7259 , CVE-2025-14179 , CVE-2026-6722 , CVE-2026-7261 , CVE-2026-7262 , CVE-2026-7568 , CVE-2026-7258 Description FPM: Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) MBString: Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) SOAP: - Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) - Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) - Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) Standard: - Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) - Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258) References SRPMS 9/core
  • php-8.2.31-1.mga9

MGASA-2026-0126 - Updated openvpn packages fix security vulnerabilities

Mageia Security - 10 Mayo, 2026 - 03:43
Publication date: 10 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-35058 , CVE-2026-40215 Description CVE-2026-35058 - fix server ASSERT() on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances References SRPMS 9/core
  • openvpn-2.6.20-1.1.mga9

MGASA-2026-0125 - Updated thunderbird packages fix security vulnerabilities

Mageia Security - 9 Mayo, 2026 - 17:24
Publication date: 09 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6746 , CVE-2026-6747 , CVE-2026-6748 , CVE-2026-6749 , CVE-2026-6750 , CVE-2026-6751 , CVE-2026-6752 , CVE-2026-6753 , CVE-2026-6754 , CVE-2026-6757 , CVE-2026-6759 , CVE-2026-6761 , CVE-2026-6762 , CVE-2026-6763 , CVE-2026-6764 , CVE-2026-6765 , CVE-2026-6769 Description Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746) Use-after-free in the WebRTC component. (CVE-2026-6747) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6748) Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-6749) Privilege escalation in the Graphics: WebRender component. (CVE-2026-6750) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6751) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753) Use-after-free in the JavaScript Engine component. (CVE-2026-6754) Invalid pointer in the JavaScript: WebAssembly component. (CVE-2026-6757) Use-after-free in the Widget: Cocoa component. (CVE-2026-6759) Privilege escalation in the Networking component. (CVE-2026-6761) Spoofing issue in the DOM: Core & HTML component. (CVE-2026-6762) Mitigation bypass in the File Handling component. (CVE-2026-6763) Incorrect boundary conditions in the DOM: Device Interfaces component. (CVE-2026-6764) Information disclosure in the Form Autofill component. (CVE-2026-6765) Privilege escalation in the Debugger component. (CVE-2026-6769) Other issue in the Storage: IndexedDB component. (CVE-2026-6770) Mitigation bypass in the DOM: Security component. (CVE-2026-6771) Incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-6776) Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785) Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6786) Information disclosure due to incorrect boundary conditions in the Audio/Video component. (CVE-2026-7320) Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-7321) Memory safety bugs fixed in Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. (CVE-2026-7322) Memory safety bugs fixed in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. (CVE-2026-7323) References SRPMS 9/core
  • thunderbird-140.10.1-1.mga9
  • thunderbird-l10n-140.10.1-1.mga9

MGASA-2026-0124 - Updated rootcerts, nss & firefox packages fix security vulnerabilities

Mageia Security - 9 Mayo, 2026 - 17:24
Publication date: 09 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6746 , CVE-2026-6747 , CVE-2026-6748 , CVE-2026-6749 , CVE-2026-6750 , CVE-2026-6751 , CVE-2026-6752 , CVE-2026-6753 , CVE-2026-6754 , CVE-2026-6757 , CVE-2026-6759 , CVE-2026-6761 , CVE-2026-6762 , CVE-2026-6763 , CVE-2026-6764 , CVE-2026-6765 , CVE-2026-6766 Description Use-after-free in the DOM: Core & HTML component. (CVE-2026-6746) Use-after-free in the WebRTC component. (CVE-2026-6747) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6748) Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. (CVE-2026-6749) Privilege escalation in the Graphics: WebRender component. (CVE-2026-6750) Uninitialized memory in the Audio/Video: Web Codecs component. (CVE-2026-6751) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6752) Incorrect boundary conditions in the WebRTC component. (CVE-2026-6753) Use-after-free in the JavaScript Engine component. (CVE-2026-6754) Invalid pointer in the JavaScript: WebAssembly component. (CVE-2026-6757) Use-after-free in the Widget: Cocoa component. (CVE-2026-6759) Privilege escalation in the Networking component. (CVE-2026-6761) Spoofing issue in the DOM: Core & HTML component. (CVE-2026-6762) Mitigation bypass in the File Handling component. (CVE-2026-6763) Incorrect boundary conditions in the DOM: Device Interfaces component. (CVE-2026-6764) Information disclosure in the Form Autofill component. (CVE-2026-6765) Incorrect boundary conditions in the Libraries component in NSS. (CVE-2026-6766) Other issue in the Libraries component in NSS. (CVE-2026-6767) Privilege escalation in the Debugger component. (CVE-2026-6769) Other issue in the Storage: IndexedDB component. (CVE-2026-6770) Mitigation bypass in the DOM: Security component. (CVE-2026-6771) Incorrect boundary conditions in the Libraries component in NSS. (CVE-2026-6772) Incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-6776) Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6785) Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150. (CVE-2026-6786) Information disclosure due to incorrect boundary conditions in the Audio/Video component. (CVE-2026-7320) Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. (CVE-2026-7321) Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. (CVE-2026-7322) Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1. (CVE-2026-7323) References SRPMS 9/core
  • rootcerts-20260412.00-1.mga9
  • nss-3.123.1-1.mga9
  • firefox-140.10.1-1.mga9
  • firefox-l10n-140.10.1-1.mga9

MGASA-2026-0122 - Updated krb5-appl packages fix security vulnerability

Mageia Security - 7 Mayo, 2026 - 06:06
Publication date: 07 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-32746 Description telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. (CVE-2026-32746) References SRPMS 9/core
  • krb5-appl-1.0.3-16.1.mga9

MGASA-2026-0121 - Updated nano packages fix security vulnerabilities

Mageia Security - 7 Mayo, 2026 - 06:06
Publication date: 07 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6842 , CVE-2026-6843 Description Local attacker can inject malicious .desktop launcher due to insecure directory permissions. (CVE-2026-6842) Format string vulnerability leads to denial of service. (CVE-2026-6843) References SRPMS 9/core
  • nano-7.2-1.2.mga9

MGASA-2026-0120 - Updated perl-Starlet packages fix security vulnerability

Mageia Security - 7 Mayo, 2026 - 06:06
Publication date: 07 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-40561 Description Starlet versions through 0.31 for Perl allow HTTP Request Smuggling via Improper Header Precedence. (CVE-2026-40561) References SRPMS 9/core
  • perl-Starlet-0.310.0-4.1.mga9
Feed