Actualizaciones de Seguridad

Publication date: 16 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56826 , CVE-2024-56827 Description Heap buffer overflow in bin/common/color.c. (CVE-2024-56826) Heap buffer overflow in lib/openjp2/j2k.c. (CVE-2024-56827) References

• https://bugs.mageia.org/show_bug.cgi?id=33905
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWMGURRKWFOTMCKEBHYWF7HHDJSY7BTR/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKBM37J7PMJ763EKO4IP3FLOLF4U26HW/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56826
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56827

SRPMS 9/core

• openjpeg2-2.5.0-1.2.mga9

Publication date: 16 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description curl update that addresses a .netrc related issue that breaks git. References

• https://bugs.mageia.org/show_bug.cgi?id=33893
• https://github.com/curl/curl/issues/15496

SRPMS 9/core

• curl-7.88.1-4.6.mga9

Publication date: 16 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description Performances enhancements and other changes since our current version, References

• https://bugs.mageia.org/show_bug.cgi?id=33887
• https://developer.nvidia.com/blog/nvidia-cuda-toolkit-12-2-unleashes-powerful-features-for-boosting-applications/
• https://developer.nvidia.com/blog/cuda-toolkit-12-4-enhances-support-for-nvidia-grace-hopper-and-confidential-computing/

SRPMS 9/nonfree

• nvidia-cuda-toolkit-samples-bins-12.4.1-1.mga9.nonfree
• nvidia-cuda-toolkit-12.4.1-1.mga9.nonfree
• cuda-z-0.11.291-11.mga9.nonfree

Publication date: 14 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-48916 Description Authentication bypass in CEPH RadosGW. (CVE-2024-48916) References

• https://bugs.mageia.org/show_bug.cgi?id=33896
• https://ubuntu.com/security/notices/USN-7182-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48916

SRPMS 9/core

• ceph-18.1.1-1.1.mga9

Publication date: 14 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0237 , CVE-2025-0238 , CVE-2025-0239 , CVE-2025-0240 , CVE-2025-0241 , CVE-2025-0242 , CVE-2025-0243 Description WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237) Use-after-free when breaking lines in text. (CVE-2025-0238) Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239) Compartment mismatch when parsing JavaScript JSON module. (CVE-2025-0240) Memory corruption when using JavaScript Text Segmentation. (CVE-2025-0241) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. (CVE-2025-0242) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. (CVE-2025-0243) References

• https://bugs.mageia.org/show_bug.cgi?id=33900
• https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243

SRPMS 9/core

• thunderbird-128.6.0-1.mga9
• thunderbird-l10n-128.6.0-1.mga9

Publication date: 14 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0237 , CVE-2025-0238 , CVE-2025-0239 , CVE-2025-0240 , CVE-2025-0241 , CVE-2025-0242 , CVE-2025-0243 Description WebChannel APIs susceptible to confused deputy attack. (CVE-2025-0237) Use-after-free when breaking lines in text. (CVE-2025-0238) Alt-Svc ALPN validation failure when redirected. (CVE-2025-0239) Compartment mismatch when parsing JavaScript JSON module. (CVE-2025-0240) Memory corruption when using JavaScript Text Segmentation. (CVE-2025-0241) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. (CVE-2025-0242) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. (CVE-2025-0243) References

• https://bugs.mageia.org/show_bug.cgi?id=33897
• https://www.mozilla.org/en-US/firefox/128.6.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0237
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0238
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0239
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0240
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0241
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0242
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0243

SRPMS 9/core

• firefox-128.6.0-1.mga9
• firefox-l10n-128.6.0-1.mga9

Publication date: 12 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11403 , CVE-2024-11498 Description Out of Bounds Memory Read/Write in libjxl. (CVE-2024-11403) Resource exhaustion via Stack overflow in libjxl. (CVE-2024-11498) References

• https://bugs.mageia.org/show_bug.cgi?id=33818
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MKE5FX6CYNU67TGCF7WUASGPHZHN5WQC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11403
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11498

SRPMS 9/core

• libjxl-0.7.2-1.mga9

Publication date: 12 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-52615 , CVE-2024-52616 Description Avahi wide-area dns uses constant source port. (CVE-2024-52615) Avahi wide-area dns predictable transaction ids. (CVE-2024-52616) References

• https://bugs.mageia.org/show_bug.cgi?id=33829
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/G3ABDXZMFN73MQ62ZJOBQIVUE3HAEKVL/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52615
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52616

SRPMS 9/core

• avahi-0.8-10.2.mga9

Publication date: 12 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-29645 Description Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. (CVE-2024-29645) References

• https://bugs.mageia.org/show_bug.cgi?id=33853
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VM7ZHZ5AWQKW4RJJZ5LN6TSZLENLQ2GZ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29645

SRPMS 9/core

• radare2-5.8.8-1.4.mga9

Publication date: 12 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-1207 Description Command injection via RzBinInfo bclass due legacy code. (CVE-2022-1207) References

• https://bugs.mageia.org/show_bug.cgi?id=33895
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNDCM5TGWRLSMIJ74ZI6LMNSCCH5DBPL/
• https://github.com/rizinorg/rizin/security/advisories/GHSA-5jhc-frm4-p8v9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1207

SRPMS 9/core

• rizin-0.5.2-1.1.mga9

Publication date: 10 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45310 Description runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. References

• https://bugs.mageia.org/show_bug.cgi?id=33519
• https://www.openwall.com/lists/oss-security/2024/09/03/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45310

SRPMS 9/core

• opencontainers-runc-1.1.14-1.mga9

Publication date: 10 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-40468 , CVE-2023-49606 Description Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.. (CVE-2022-40468) A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability. (CVE-2023-49606) References

• https://bugs.mageia.org/show_bug.cgi?id=33206
• https://www.openwall.com/lists/oss-security/2024/05/07/1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/OM62U7F2OTTTTR4PTM6RV3UAOCUHRC75/
• https://lwn.net/Articles/990818/
• https://ubuntu.com/security/notices/USN-7140-1
• https://ubuntu.com/security/notices/USN-7190-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40468
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49606

SRPMS 9/core

• tinyproxy-1.10.0-3.1.mga9

Publication date: 04 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21259 , CVE-2024-21263 , CVE-2024-21273 , CVE-2024-21248 , CVE-2024-21253 Description Vulnerabilities were found in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 7.0.22 and prior to 7.1.2. A difficult to exploit vulnerability allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise an Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VirtualBox VMs. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). References

• https://bugs.mageia.org/show_bug.cgi?id=33754
• https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixOVIR
• https://www.virtualbox.org/wiki/Changelog-7.0#v22
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21259
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21263
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21273
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21248
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21253

SRPMS 9/core

• virtualbox-7.0.22-1.mga9
• kmod-virtualbox-7.0.22-62.mga9

Publication date: 04 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-35176 , CVE-2024-39908 , CVE-2024-41123 , CVE-2024-41946 , CVE-2024-43398 , CVE-2024-49761 Description The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. (CVE-2024-35176) The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. (CVE-2024-39908) The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. (CVE-2024-41123) The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. (CVE-2024-41946) The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. (CVE-2024-43398) The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). (CVE-2024-49761) References

• https://bugs.mageia.org/show_bug.cgi?id=33576
• https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/
• https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
• https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/
• https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946/
• https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQWXWS2GDTKX4LYWHQOZ2PWXDEICDX2W/
• https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/
• https://ubuntu.com/security/notices/USN-7091-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49761

SRPMS 9/core

• ruby-3.1.5-46.mga9

Publication date: 04 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed a bug in i2c handling that caused the OpenRGB Application to set incorrect LED colors on some NVIDIA GPUs. https://github.com/NVIDIA/open-gpu-kernel-modules/issues/41 Changed the fallback preference from 10 BPC YUV422 to 8 BPC RGB + dithering when enabling HDR scanout with limited display bandwidth. Fixed a bug that could cause the nvidia-settings control panel to crash when using X11 forwarding on some systems. Added a new application profile key, "GLVidHeapReuseRatio", to control the amount of memory OpenGL may hold for later reuse, as well as some application profiles for several Wayland compositors using the new key to work around issues with excessive video memory usage. Fixed a bug that could lead to crashes when a Vulkan application waits on a VkFence created by importing a DRM syncobj. This solves some crashes observed with Unreal Engine and other applications on Wayland. Fixed a bug that could cause KDE Plasma 6 to crash when running as a Wayland compositor. Fixed a bug that would cause the driver stack to fail to load the correct state of a Quadro Sync board when GSP is enabled. This would lead to inaccuracies in reporting framelock state when using house sync or stereo signals. Updated the kernel module build process to use CONFIG_CC_VERSION_TEXT from the Linux kernel's Kconfig to detect the compiler used to build the kernel. This may help select the correct compiler on systems where the kernel was built with a compiler other than the default one. Fixed a bug that prevented kernel modules linked using precompiled kernel interface files from loading on recent Debian systems. Improved the ability of nvidia-modprobe to detect whether kernel modules are already loaded. This corrects an issue that prevented nvidia-persistenced from setting persistence mode on some systems. Please note, starting from this release it's provided also the package: dkms-nvidia-newfeature-open-565.77-1.mga9.nonfree This is an "alternative" package to 'dkms-nvidia-newfeature' which uses open source kernel modules instead of the closed source ones. Note that only NVidia cards of arch Turing and beyond are supported by this dkms-nvidia-newfeature-open Older NVidia cards, e.g. in the Maxwell or Pascal arch supports only the standard dkms-nvidia-newfeature. So for instance Quadro K620 is in the Maxwell arch and are not supported by the -open variant. GTX 1080 is in the Pascal arch and it's not supported. RTX 2070, GTX 1660 are in the Turing arch and are supported. Quadro RTX A6000 is in the Ampere arch and is supported, etc. Note also that such dkms-nvidia-newfeature-open package it's not installed automatically by the drakx11 utils, but could be installed manually (in that case the cards must be already configured by the utils). So only for the brave and with a minimal competence with manual package installing. References

• https://bugs.mageia.org/show_bug.cgi?id=33847
• https://www.nvidia.com/en-us/drivers/details/237587/

SRPMS 9/nonfree

• nvidia-newfeature-565.77-5.mga9.nonfree
• cuda-z-0.11.291-9.mga9.nonfree

Publication date: 04 Jan 2025
Type: bugfix
Affected Mageia releases : 9
Description Minor bug fixes and improvements. Note that starting from this version, dkms-nvidia-current-open-550.142-1.mga9.nonfree is provided as the alternative open-sourced Nvidia kernel module (this package is not automatically retrieved from drakx11). Note that while the nvidia-current package works for cards of series GTX 745 and beyond, these modules, as we already seen for nvidia-newfeature, work only for cards of series Turing and beyond. References

• https://bugs.mageia.org/show_bug.cgi?id=33872
• https://www.nvidia.com/en-us/drivers/details/237853/

SRPMS 9/core

• meta-task-9-3.mga9
• mageia-repos-9-3.mga9
• ldetect-lst-0.6.59-1.mga9

9/nonfree

• nvidia-current-550.142-3.mga9.nonfree
• nvidia470-470.256.02-3.mga9.nonfree

Publication date: 30 Dec 2024
Type: bugfix
Affected Mageia releases : 9
Description ssh crashed with a segfault when using a dss key. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33857

SRPMS 9/core

• openssh-9.3p1-2.3.mga9

Publication date: 29 Dec 2024
Type: bugfix
Affected Mageia releases : 9
Description Updated PHP package fixes many segfaults, memory leaks and overflows. References

• https://bugs.mageia.org/show_bug.cgi?id=33874
• https://www.php.net/ChangeLog-8.php#8.2.27

SRPMS 9/core

• php-8.2.27-1.mga9

Publication date: 24 Dec 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-53920 Description In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code). (CVE-2024-53920) References

• https://bugs.mageia.org/show_bug.cgi?id=33867
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/P4KYDPPUCZHJVNAEXLQAF43YKVZPVWFH/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53920

SRPMS 9/core

• emacs-29.4-1.2.mga9

Publication date: 21 Dec 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50602 Description An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References

• https://bugs.mageia.org/show_bug.cgi?id=33864
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/X3V7QAWJ6AWA3YEKX4DEGJFLTQ6ASRC3/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602

SRPMS 9/core

• mozjs78-78.15.0-7.2.mga9