Feed Reader
MGASA-2026-0148 - Updated perl-YAML-Syck package fixes security vulnerability
Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5089
Description: YAML::Syck versions before 1.38 for Perl have an out-of-bounds read.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35525
- https://www.openwall.com/lists/oss-security/2026/05/12/16
- https://metacpan.org/release/TODDR/YAML-Syck-1.45/source/Changes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5089
- perl-YAML-Syck-1.450.0-1.mga9
Categories: Security Updates
MGASA-2026-0147 - Updated rclone packages fix security vulnerabilities
Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41179, CVE-2026-41176, CVE-2026-32282, CVE-2026-32289, CVE-2026-33810, CVE-2026-27144, CVE-2026-27143, CVE-2026-32288, CVE-2026-32283, CVE-2026-27140, CVE-2026-32280, CVE-2026-32281, CVE-2026-33186, CVE-2026-27137, CVE-2026-27138, CVE-2026-25679, CVE-2026-27142, CVE-2026-1229, CVE-2026-27141, CVE-2025-68121, CVE-2025-61729, CVE-2025-58181, CVE-2025-30204, CVE-2025-22869, CVE-2025-22870, CVE-2024-45337, CVE-2024-45338, CVE-2024-52522, CVE-2023-45288, CVE-2024-35255, CVE-2023-48795
Description: This update brings new features and fixes bugs and vulnerabilities in rclone and in the golang components used to build it.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33808
- https://rclone.org/changelog/#v1-73-5-2026-04-19
- https://rclone.org/changelog/#v1-73-4-2026-04-08
- https://rclone.org/changelog/#v1-73-3-2026-03-23
- https://rclone.org/changelog/#v1-73-2-2026-03-06
- https://rclone.org/changelog/#v1-73-1-2026-02-17
- https://rclone.org/changelog/#v1-73-0-2026-01-30
- https://rclone.org/changelog/#v1-72-1-2025-12-10
- https://rclone.org/changelog/#v1-72-0-2025-11-21
- https://rclone.org/changelog/#v1-71-2-2025-10-20
- https://rclone.org/changelog/#v1-71-1-2025-09-24
- https://rclone.org/changelog/#v1-71-0-2025-08-22
- https://rclone.org/changelog/#v1-70-3-2025-07-09
- https://rclone.org/changelog/#v1-70-2-2025-06-27
- https://rclone.org/changelog/#v1-70-1-2025-06-19
- https://rclone.org/changelog/#v1-70-0-2025-06-17
- https://rclone.org/changelog/#v1-69-3-2025-05-21
- https://rclone.org/changelog/#v1-69-2-2025-05-01
- https://rclone.org/changelog/#v1-69-1-2025-02-14
- https://rclone.org/changelog/#v1-69-0-2025-01-12
- https://rclone.org/changelog/#v1-68-2-2024-11-15
- https://rclone.org/changelog/#v1-68-1-2024-09-24
- https://rclone.org/changelog/#v1-68-0-2024-09-08
- https://rclone.org/changelog/#v1-67-0-2024-06-14
- https://rclone.org/changelog/#v1-66-0-2024-03-10
- https://rclone.org/changelog/#v1-65-2-2024-01-24
- https://rclone.org/changelog/#v1-65-1-2024-01-08
- https://rclone.org/changelog/#v1-65-0-2023-11-26
- https://rclone.org/changelog/#v1-64-2-2023-10-19
- https://rclone.org/changelog/#v1-64-1-2023-10-17
- https://rclone.org/changelog/#v1-64-0-2023-09-11
- https://rclone.org/changelog/#v1-63-1-2023-07-17
- https://rclone.org/changelog/#v1-63-0-2023-06-30
- https://rclone.org/changelog/#v1-62-2-2023-03-16
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33810
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45337
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45338
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35255
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
- rclone-1.73.5-1.1.mga9
Categories: Security Updates
MGASA-2026-0146 - Updated haproxy packages fix security vulnerability
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33555
Description: The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. (CVE-2026-33555)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35416
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/B3PXHUYDTDFG5IIQSPNJLLIEQV4Z5WK6/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33555
- haproxy-2.8.18-1.1.mga9
Categories: Security Updates
MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62813, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8090, CVE-2026-8092, CVE-2026-8094
Description:
LZ4 compression library issue. (CVE-2025-62813)
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776)
libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777)
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. (CVE-2026-32778)
Use-after-free in the DOM: Networking component. (CVE-2026-8090)
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092)
Another issue in the WebRTC component. (CVE-2026-8094)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35508
- https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32776
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32777
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32778
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8090
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8092
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8094
- firefox-140.10.2-1.mga9
- firefox-l10n-140.10.2-1.mga9
- thunderbird-140.10.2-1.mga9
- thunderbird-l10n-140.10.2-1.mga9
Categories: Security Updates
MGASA-2026-0144 - Updated dpkg packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2219
Description: It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
References:
- https://bugs.mageia.org/show_bug.cgi?id=35489
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3QFBK2ZJ4T5BTAWBSDBQLVRZQKJEAJEX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2219
- dpkg-1.22.22-1.mga9
Categories: Security Updates
MGASA-2026-0143 - Updated golang packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27142, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289
Description: We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35181
- https://www.openwall.com/lists/oss-security/2026/05/08/20
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289
- golang-1.25.10-1.mga9
Categories: Security Updates
MGASA-2026-0142 - Updated samba packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-14628, CVE-2025-10230, CVE-2025-9640
Description:
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628)
Command injection in wins server hook script. (CVE-2025-10230)
vfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34672
- https://www.openwall.com/lists/oss-security/2025/10/15/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14628
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9640
- samba-4.17.12-1.2.mga9
Categories: Security Updates
MGASA-2026-0141 - Updated libreoffice packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-4430
Description: Heap Buffer Overflow in AgileEngine. (CVE-2026-4430)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35496
- https://lists.debian.org/debian-security-announce/2026/msg00162.html
- https://www.libreoffice.org/security/#cve-2026-4430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4430
- libreoffice-24.2.7.2-1.4.mga9
Categories: Security Updates
MGASA-2026-0140 - Updated perl-HTTP-Tiny packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-7010
Description: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. (CVE-2026-7010)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35521
- https://www.openwall.com/lists/oss-security/2026/05/11/17
- https://metacpan.org/release/HAARG/HTTP-Tiny-0.093-TRIAL/changes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7010
- perl-HTTP-Tiny-0.82.0-1.2.mga9
Categories: Security Updates
MGASA-2026-0139 - Updated tomcat packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43512, CVE-2026-43513, CVE-2026-43514, CVE-2026-43515
Description:
Unbounded read in WebDAV LOCK and PROPFIND handling. (CVE-2026-41284)
HTTP/2 request headers not validated. (CVE-2026-41293)
WebSocket authentication header exposure. (CVE-2026-42498)
Digest authenticator will authenticate any unknown user. (CVE-2026-43512)
LockOutRealm treats user names as case-sensitive. (CVE-2026-43513)
AJP secret compared in non-constant time. (CVE-2026-43514)
Security constraints not correctly applied. (CVE-2026-43515)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35523
- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.118
- https://www.openwall.com/lists/oss-security/2026/05/12/8
- https://www.openwall.com/lists/oss-security/2026/05/12/9
- https://www.openwall.com/lists/oss-security/2026/05/12/10
- https://www.openwall.com/lists/oss-security/2026/05/12/11
- https://www.openwall.com/lists/oss-security/2026/05/12/12
- https://www.openwall.com/lists/oss-security/2026/05/12/13
- https://www.openwall.com/lists/oss-security/2026/05/12/14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41284
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41293
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42498
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43513
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43514
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43515
- tomcat-9.0.118-1.mga9
Categories: Security Updates
MGASA-2026-0138 - Updated awstats packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-63261
Description: AWStats is vulnerable to Command Injection via the open function. (CVE-2025-63261)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35407
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP4DGW2LGHINXKYPZWR2WJ5DMROGGO66/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-63261
- awstats-7.9-1.1.mga9
Categories: Security Updates
MGASA-2026-0137 - Updated perl-XML-LibXML packages fix security vulnerability
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8177
Description: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. (CVE-2026-8177)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35507
- https://www.openwall.com/lists/oss-security/2026/05/10/8
- https://github.com/cpan-authors/XML-LibXML/issues/146
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8177
- perl-XML-LibXML-2.20.800-3.1.mga9
Categories: Security Updates
MGASA-2026-0136 - Updated perl-Net-CIDR-Lite packages fix security vulnerabilities
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-45190, CVE-2026-45191
Description:
Net::CIDR::Lite versions before 0.24 for Perl do not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. (CVE-2026-45190)
Net::CIDR::Lite versions before 0.24 for Perl do not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. (CVE-2026-45191)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35506
- https://www.openwall.com/lists/oss-security/2026/05/10/6
- https://www.openwall.com/lists/oss-security/2026/05/10/7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45190
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45191
- perl-Net-CIDR-Lite-0.240.0-1.mga9
Categories: Security Updates
MGASA-2026-0135 - Updated dnsmasq packages fix security vulnerabilities
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172
Description:
CVE-2026-2291: dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could redirect DNS lookups to an attacker-controlled IP address, or cause a DoS.
CVE-2026-4890: A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
CVE-2026-4891: A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
CVE-2026-4892: A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
CVE-2026-4893: An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
CVE-2026-5172: A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35520
- https://thekelleys.org.uk/dnsmasq/CHANGELOG
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2291
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4891
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4892
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4893
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5172
- dnsmasq-2.92rel2-1.mga9
Categories: Security Updates
MGASA-2026-0134 - Updated redis packages fix security vulnerabilities
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589
Description:
(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution.
(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution.
A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35514
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CVOEZ7I2TIPXYBFA4UYY5GI5Q4VOAD7C/
- https://github.com/redis/redis/releases/tag/7.2.13
- https://github.com/redis/redis/releases/tag/7.2.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25589
- redis-7.2.14-1.mga9
Categories: Security Updates
MGASA-2026-0133 - Updated flatpak packages fix security vulnerabilities
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-34078, CVE-2026-34079
Description:
Complete sandbox escape leading to host file access and code execution in the host context. (CVE-2026-34078)
Arbitrary file deletion on the host filesystem. (CVE-2026-34079)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35336
- https://www.openwall.com/lists/oss-security/2026/04/09/3
- https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg
- https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp
- https://github.com/flatpak/flatpak/security/advisories/GHSA-2fxp-43j9-pwvc
- https://github.com/flatpak/flatpak/security/advisories/GHSA-89xm-3m96-w3jg
- https://lists.debian.org/debian-security-announce/2026/msg00133.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34079
- flatpak-1.14.10-1.1.mga9
Categories: Security Updates
MGASA-2026-0132 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerability
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43284
Description: Upstream kernel version 6.6.138 fixes a vulnerability. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35499
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43284
- kernel-6.6.138-1.mga9
- kmod-virtualbox-7.1.18-19.mga9
- kmod-xtables-addons-3.24-91.mga9
Categories: Security Updates
MGASA-2026-0131 - Updated kernel-linus packages fix security vulnerability
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43284
Description: Vanilla upstream kernel version 6.6.138 fixes a vulnerability. For information about the vulnerability, see the links.
References:
- https://bugs.mageia.org/show_bug.cgi?id=35500
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43284
- kernel-linus-6.6.138-1.mga9
Categories: Security Updates
MGASA-2026-0130 - Updated perl-Gazelle packages fix security vulnerability
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-40562
Description: Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. (CVE-2026-40562)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35485
- https://www.openwall.com/lists/oss-security/2026/05/06/7
- https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40562
- perl-Gazelle-0.490.0-5.1.mga9
Categories: Security Updates
MGASA-2026-0129 - Updated apache packages fix security vulnerabilities
Publication date: 13 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059
Description:
http2: double free and possible RCE on early reset. (CVE-2026-23918)
mod_rewrite elevation of privileges via ap_expr. (CVE-2026-24072)
buffer overflow in mod_proxy_ajp via ajp_msg_check_header(). (CVE-2026-28780)
mod_md unrestricted OCSP response. (CVE-2026-29168)
mod_dav_lock indirect lock crash. (CVE-2026-29169)
mod_auth_digest timing attack. (CVE-2026-33006)
mod_authn_socache crash. (CVE-2026-33007)
HTTP response splitting forwarding malicious status line. (CVE-2026-33523)
Off-by-one OOB reads in AJP getter functions. (CVE-2026-33857)
Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string). (CVE-2026-34032)
Heap Over-Read and memory disclosure in ajp_parse_data(). (CVE-2026-34059)
References:
- https://bugs.mageia.org/show_bug.cgi?id=35473
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.435691
- https://downloads.apache.org/httpd/CHANGES_2.4.67
- https://httpd.apache.org/security/vulnerabilities_24.html
- https://www.openwall.com/lists/oss-security/2026/05/04/15
- https://www.openwall.com/lists/oss-security/2026/05/04/16
- https://www.openwall.com/lists/oss-security/2026/05/04/17
- https://www.openwall.com/lists/oss-security/2026/05/04/18
- https://www.openwall.com/lists/oss-security/2026/05/04/19
- https://www.openwall.com/lists/oss-security/2026/05/04/20
- https://www.openwall.com/lists/oss-security/2026/05/04/21
- https://www.openwall.com/lists/oss-security/2026/05/04/22
- https://www.openwall.com/lists/oss-security/2026/05/04/23
- https://www.openwall.com/lists/oss-security/2026/05/05/6
- https://www.openwall.com/lists/oss-security/2026/05/05/9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34059
- apache-2.4.67-1.mga9
Categories: Security Updates




