Security Updates
MGASA-2026-0001 - Updated cups packages fix bug & security vulnerabilities
Publication date: 02 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-58364, CVE-2025-58060
Description: cups has Authentication bypass with AuthType Negotiate. (CVE-2025-58060) cups: Remote DoS via null dereference. (CVE-2025-58364)
References
- https://bugs.mageia.org/show_bug.cgi?id=34900
- https://bugs.mageia.org/show_bug.cgi?id=34800
- https://lists.debian.org/debian-security-announce/2025/msg00162.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060
- cups-2.4.6-1.6.mga9
Categories: Security Updates
MGAA-2026-0001 - Updated crypto-policies packages fix bug
Publication date: 02 Jan 2026
Type: bugfix
Affected Mageia releases: 9
Description: Some recent systems refuse to connect to an SSH server running on Mageia 9. This update fixes the issue.
References
SRPMS 9/core
- crypto-policies-20221110-2.1.mga9
MGAA-2025-0110 - Updated brasero packages fix bug
Publication date: 30 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: Vcdimager plug-in can't be enabled in brasero. This update fixes the issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=34915
- https://gitlab.gnome.org/GNOME/brasero/-/merge_requests/31
- brasero-3.12.3-5.2.mga9
MGAA-2025-0109 - Updated mageia-release-9 packages fix bug
Publication date: 30 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: The key we are currently using to sign packages expires on 2025-12-31 and will no longer be accepted as trusted. In Cauldron the key was updated some time ago, causing some additional work in Mageia 9 to Cauldron upgrades. These packages update the keys in your system (you need to reboot after the update). All packages have been re-signed with the new key.
References
SRPMS 9/core
- mageia-release-9-2.3.mga9
MGAA-2025-0108 - Updated mageia-repos-9 & distribution-gpg-keys packages fix bug
Publication date: 30 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: The key we are currently using to sign packages expires on 2025-12-31 and will no longer be accepted as trusted. In Cauldron the key was updated some time ago, causing some additional work in Mageia 9 to Cauldron upgrades. These packages update the keys for dnf and for building with mock.
References
SRPMS 9/core
- mageia-repos-9-4.1.mga9
- distribution-gpg-keys-1.89-1.1.mga9
MGASA-2025-0334 - Updated ruby-rack packages fix security vulnerabilities
Publication date: 29 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-46727, CVE-2025-49007, CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919, CVE-2025-61780
Description:
- Unbounded-Parameter DoS in Rack::QueryParser. (CVE-2025-46727)
- ReDoS Vulnerability in Rack::Multipart handle_mime_head. (CVE-2025-49007)
- Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters. (CVE-2025-59830)
- Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion). (CVE-2025-61770)
- Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion). (CVE-2025-61771)
- Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion). (CVE-2025-61772)
- Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing. (CVE-2025-61919)
- Rack has Possible Information Disclosure Vulnerability. (CVE-2025-61780)
References
- https://bugs.mageia.org/show_bug.cgi?id=34755
- https://rack.github.io/rack/3.2/CHANGELOG_md.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59830
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61770
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61771
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61772
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61919
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61780
- ruby-rack-2.2.21-1.mga9
MGASA-2025-0333 - Updated ceph packages fix security vulnerability
Publication date: 29 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-47866
Description: RGW DoS attack with empty HTTP header in S3 object copy. (CVE-2024-47866)
References
- https://bugs.mageia.org/show_bug.cgi?id=34741
- https://www.openwall.com/lists/oss-security/2025/11/11/3
- https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47866
- ceph-18.2.7-2.1.mga9
MGAA-2025-0107 - Updated less package fixes bug
Publication date: 29 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: The current version does not set the environment variable LESSOPEN, which means that you can't view gz, bz2, lzma, zip, rpm, html, etc. files. This update fixes the reported issue. After the update you should close the terminal emulator in use for the fix to take effect.
References
SRPMS 9/core
- less-678-1.2.mga9
MGAA-2025-0106 - Updated nvidia-current & ldetect-lst packages fix bug
Publication date: 26 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description:
- Fixed a bug that caused display corruption on LG Ultragear monitors when certain modes were used.
- Fixed a bug that caused corruption in X-Plane on workstation GPUs.
- Fixed a regression introduced in 580.65.06, that caused some mode timings, such as 1920x1080@75, to no longer be available.
- Reverted a change that led to a user regression in 580.105.08 that caused display modes to be invalidated on a number of monitors.
- Fixed a bug that caused the Dots Per Inch (DPI) to be incorrectly reported for some monitors such as the Samsung Odyssey Neo G9.
- Fixed several problems that prevented Vulkan applications from working on Venus VirtIO virtual GPU, on Volta and newer.
- Fixed the following EGL platform bugs that prevented multisample configurations from working.
References
SRPMS 9/core
- ldetect-lst-0.6.63-1.mga9
- nvidia-current-580.119.02-1.mga9.nonfree
MGASA-2025-0332 - Updated roundcubemail packages fix security vulnerabilities
Publication date: 22 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-68460, CVE-2025-68461
Description:
- Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike.
- Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev.
References
- https://bugs.mageia.org/show_bug.cgi?id=34863
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.12
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68461
- roundcubemail-1.6.12-1.mga9
MGASA-2025-0331 - Updated webkit2 packages fix security vulnerabilities
Publication date: 21 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-43501, CVE-2025-43531, CVE-2025-43535, CVE-2025-43536
Description:
- CVE-2025-43501: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2025-43531: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A race condition was addressed with improved state handling.
- CVE-2025-43535: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- CVE-2025-43536: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
References
- https://bugs.mageia.org/show_bug.cgi?id=34866
- https://webkitgtk.org/security/WSA-2025-0010.html
- https://webkitgtk.org/2025/12/16/webkitgtk2.50.4-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43501
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43531
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43536
- webkit2-2.50.4-1.mga9
MGASA-2025-0330 - Updated php packages fix security vulnerabilities
Publication date: 21 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-14180, CVE-2025-14178, CVE-2025-14177
Description:
- Opcache:
  - Reset global pointers to prevent use-after-free in zend_jit_status.
- PDO:
  - Fixed PDO quoting result null deref.
- Standard:
  - Fixed Null byte termination in dns_get_record
  - Heap buffer overflow in array_merge
  - Information Leak of Memory in getimagesize
References
- https://bugs.mageia.org/show_bug.cgi?id=34873
- https://www.php.net/ChangeLog-8.php#8.2.30
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14177
- php-8.2.30-1.mga9
MGASA-2025-0329 - Updated thunderbird packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333
Description:
- Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)
- Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322)
- Privilege escalation in the DOM: Notifications component. (CVE-2025-14323)
- JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)
- Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329)
- Same-origin policy bypass in the Request Handling component. (CVE-2025-14331)
- Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333)
References
- https://bugs.mageia.org/show_bug.cgi?id=34820
- https://www.thunderbird.net/en-US/thunderbird/140.6.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333
- thunderbird-140.6.0-1.mga9
- thunderbird-l10n-140.6.0-1.mga9
MGASA-2025-0328 - Updated nspr, nss & firefox packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333
Description:
- Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)
- Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322)
- Privilege escalation in the DOM: Notifications component. (CVE-2025-14323)
- JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)
- Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329)
- Same-origin policy bypass in the Request Handling component. (CVE-2025-14331)
- Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333)
References
- https://bugs.mageia.org/show_bug.cgi?id=34814
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-FCacePkmj8
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/V7GVSScpn5w
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/qFuz87KunGc
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html
- https://www.firefox.com/en-US/firefox/140.6.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333
- nspr-4.38.2-1.mga9
- nss-3.119.0-1.mga9
- firefox-140.6.0-1.mga9
- firefox-l10n-140.6.0-1.mga9
MGASA-2025-0327 - Updated ffmpeg packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases: 9
Description: Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
References
- https://bugs.mageia.org/show_bug.cgi?id=34832
- https://lists.debian.org/debian-security-announce/2025/msg00245.html
- ffmpeg-5.1.8-1.mga9
- ffmpeg-5.1.8-1.mga9.tainted
MGAA-2025-0105 - Updated sansimera-qt packages fix bugs
Publication date: 15 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: Current version has a bogus requirement on python3-sip. Current version misses a python3-lxml requirement. Current version crashes after downloading images. The updated package fixes the reported issues.
References
SRPMS 9/core
- sansimera-qt-1.1.0-1.3.mga9
MGASA-2025-0326 - Updated golang packages fix security vulnerabilities
Publication date: 13 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-61727, CVE-2025-61729
Description:
- Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. (CVE-2025-61727)
- Excessive resource consumption when printing error string for host certificate validation in crypto/x509. (CVE-2025-61729)
References
- https://bugs.mageia.org/show_bug.cgi?id=34810
- https://www.openwall.com/lists/oss-security/2025/12/05/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729
- golang-1.24.11-1.mga9
MGAA-2025-0104 - Updated codeblocks packages fix bug
Publication date: 13 Dec 2025
Type: bugfix
Affected Mageia releases: 9
Description: codeblocks was absent from the Mageia 9 repositories. We are shipping the latest release to fix the issue. cross-avr-gcc is not yet present and it is suggested it could be replaced by cross-gcc. If that doesn't work, please open another bug report.
References
SRPMS 9/core
- codeblocks-25.03-1.mga9
MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities
Publication date: 09 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287
Description:
- A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947.
- Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array allocation sinking - CVE-2025-43421.
- Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management - CVE-2025-43458.
- Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling - CVE-2025-66287.
References
- https://bugs.mageia.org/show_bug.cgi?id=34802
- https://webkitgtk.org/security/WSA-2025-0009.html
- https://webkitgtk.org/2025/12/04/webkitgtk2.50.3-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66287
- webkit2-2.50.3-1.mga9
MGASA-2025-0324 - Updated python3 packages fix security vulnerabilities
Publication date: 09 Dec 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-13836, CVE-2025-13837, CVE-2025-12084
Description:
- Excessive read buffering DoS in http.client. (CVE-2025-13836)
- Out-of-memory when loading Plist. (CVE-2025-13837)
- Quadratic complexity in node ID cache clearing. (CVE-2025-12084)
References
- https://bugs.mageia.org/show_bug.cgi?id=34808
- https://www.openwall.com/lists/oss-security/2025/12/05/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084
- python3-3.10.18-1.5.mga9