Security Updates

MGAA-2025-0074 - Updated nvidia-current packages fix bugs

Mageia Security - 4 August, 2025 - 19:55
Publication date: 04 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description: The recent update produced some new issues fixed by these packages:
  • several Steam games crash or freeze at launch
  • Vulkan wasn't working after the NVIDIA driver update
  • plasmashell crashes when restoring from suspend
References
SRPMS
9/nonfree
  • nvidia-current-570.172.08-3.mga9.nonfree

MGASA-2025-0216 - Updated glib2.0 packages fix security vulnerability

Mageia Security - 2 August, 2025 - 05:54
Publication date: 02 Aug 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-6052
Description: A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn't. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption.
References
SRPMS
9/core
  • glib2.0-2.76.3-1.5.mga9

MGAA-2025-0073 - Updated mc packages fix bug

Mageia Security - 2 August, 2025 - 05:54
Publication date: 02 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description: The current version can't view inside files compressed with lha. This update fixes the issue and others fixed by upstream; see the references.
References
SRPMS
9/core
  • mc-4.8.33-1.3.mga9

MGASA-2025-0215 - Updated slurm packages fix security vulnerability

Mageia Security - 31 July, 2025 - 18:26
Publication date: 31 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-43904
Description: Updated slurm packages to fix a vulnerability in Slurm's accounting system that would have allowed a Coordinator to promote a user to Administrator (CVE-2025-43904).
References
SRPMS
9/core
  • slurm-23.11.11-1.mga9

MGAA-2025-0072 - Updated kwin packages fix bug

Mageia Security - 31 July, 2025 - 18:26
Publication date: 31 Jul 2025
Type: bugfix
Affected Mageia releases: 9
Description: Launching an application from Dolphin that has no .desktop file results in kwin parsing the application. This also causes KDE to freeze completely for a few seconds, depending on the executable's file size. This update fixes the reported issue.
References
SRPMS
9/core
  • kwin-5.27.10-1.2.mga9

MGAA-2025-0071 - Updated nvidia-newfeature, egl-wayland, eglexternalplatform, libdecor, vkmark & mesa-demos

Mageia Security - 31 July, 2025 - 18:26
Publication date: 31 Jul 2025
Type: bugfix
Affected Mageia releases: 9
Description:
  • Fixed a bug that could cause blank rendering on some single-buffered GLX applications when running on Xwayland.
  • Fixed a bug that could cause a kernel use-after-free on pre-Turing GPUs.
  • Fixed a bug that could cause 32-bit x86 applications running on recent builds of glibc to crash on dlopen().
References
SRPMS
9/core
  • egl-wayland-1.1.13.1-2.mga9
  • eglexternalplatform-1.2.1-1.mga9
  • mesa-demos-9.0.0-1.mga9
  • libdecor-0.2.3-1.mga9
  • vkmark-2025.01-2.20250123.git2bf2ca7.1.mga9
9/nonfree
  • nvidia-newfeature-575.64.05-2.mga9.nonfree

MGASA-2025-0214 - Updated poppler packages fix security vulnerabilities

Mageia Security - 25 July, 2025 - 22:48
Publication date: 25 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-52886
Description: poppler uses std::atomic_int for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free.
References
SRPMS
9/core
  • poppler-23.02.0-1.7.mga9

MGASA-2025-0213 - Updated sudo packages fix security vulnerabilities

Mageia Security - 25 July, 2025 - 22:48
Publication date: 25 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32462, CVE-2025-32463
Description:
  • CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
  • CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option.
References
SRPMS
9/core
  • sudo-1.9.15p5-1.1.mga9

MGAA-2025-0070 - Updated nvidia-current & ldetect-lst packages fix bug

Mageia Security - 25 July, 2025 - 22:48
Publication date: 25 Jul 2025
Type: bugfix
Affected Mageia releases: 9
Description: This is a bugfix update that syncs the driver with the latest NVIDIA release.
References
SRPMS
9/core
  • ldetect-lst-0.6.61-1.mga9
9/nonfree
  • nvidia-current-570.172.08-2.mga9.nonfree

MGASA-2025-0212 - Updated qtbase6 & qtbase5 packages fix security vulnerability

Mageia Security - 22 July, 2025 - 17:34
Publication date: 22 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-5455
Description: An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0 through 6.5.8, 6.6.0 through 6.8.3 and 6.9.0.
References
SRPMS
9/core
  • qtbase6-6.4.1-5.2.mga9
  • qtbase5-5.15.7-6.2.mga9

MGAA-2025-0069 - Updated qarte 5.9.0 1.mga9 packages fix bug

Mageia Security - 22 July, 2025 - 17:34
Publication date: 22 Jul 2025
Type: bugfix
Affected Mageia releases: 9
Description: The current version crashes at start. This update fixes the reported issue.
References
SRPMS
9/core
  • qarte-5.10.0-1.mga9

MGASA-2025-0211 - Updated redis packages fix security vulnerabilities

Mageia Security - 19 July, 2025 - 18:55
Publication date: 19 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-27151, CVE-2023-41056, CVE-2025-32023, CVE-2025-48367
Description: Updated redis packages to a more recent version to fix security vulnerabilities. Please note this update is from 7.0 to 7.2, which brings some potentially breaking changes. In most cases this update could be installed without problems.
Potentially Breaking / Behavior Changes:
  • Client side tracking for scripts now tracks the keys that are read by the script instead of the keys that are declared by the caller of EVAL / FCALL (#11770)
  • Freeze time sampling during command execution and in scripts (#10300)
  • When a blocked command is being unblocked, checks like ACL, OOM, etc are re-evaluated (#11012)
  • Unify ACL failure error message text and error codes (#11160)
  • Blocked stream command that's released when key no longer exists carries a different error code (#11012)
  • Command stats are updated for blocked commands only when / if the command actually executes (#11012)
  • The way ACL users are stored internally no longer removes redundant command and category rules, which may alter the way those rules are displayed as part of `ACL SAVE`, `ACL GETUSER` and `ACL LIST` (#11224)
  • Client connections created for TLS-based replication use SNI if possible (#11458)
  • Stream consumers: Re-purpose seen-time, add active-time (#11099)
  • XREADGROUP and X[AUTO]CLAIM create the consumer regardless of whether it was able to perform some reading/claiming (#11099)
  • ACL default newly created user set sanitize-payload flag in ACL LIST/GETUSER (#11279)
  • Fix HELLO command not to affect the client state unless successful (#11659)
  • Normalize `NAN` in replies to a single nan type, like we do with `inf` (#11597)
  • Cluster SHARD IDs are no longer visible in the cluster nodes output, introduced in 7.2-RC1. (#10536, #12166)
  • When calling PUBLISH with a RESP3 client that's also subscribed to the same channel, the order is changed and the reply is sent before the published message (#12326)
References
SRPMS
9/core
  • redis-7.2.10-1.mga9

MGASA-2025-0209 - Updated djvulibre packages fix security vulnerability

Mageia Security - 19 July, 2025 - 18:55
Publication date: 19 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-53367
Description: An out-of-bounds write in the MMRDecoder::scanruns method was fixed. The vulnerability could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
References
SRPMS
9/core
  • djvulibre-3.5.29-1.mga9

MGAA-2025-0068 - Updated virtualbox kmod-virtualbox packages fix bugs

Mageia Security - 17 July, 2025 - 07:38
Publication date: 17 Jul 2025
Type: bugfix
Affected Mageia releases: 9
Description:
  • VBoxManage: Fixed a crash when running 'guestcontrol run' on Windows hosts (bug #22175)
  • Audio: Fixed device switching on Windows hosts (bug #22267)
  • Windows host installer: Fixed multiple installation entries in the 'Add or remove programs' dialog and upgrade issues
  • Linux host: Fixed issue which caused VM Selector process crash due to missing libdl.so and libpthread.so libraries (bug #22193)
  • Linux host: Removed libIDL as a build time dependency when building VirtualBox from source code (bug #21169)
  • Linux guest and host: Added initial support for kernel 6.15 (bug #22420)
  • Linux guest: Added initial support for kernel 6.16-RC0
  • Linux guest and host: Fixed issue with building modules for UEK8 kernel on Oracle Linux 9 distribution
  • RDP: Fixed issue when it was not possible to paste clipboard buffer into a guest over RDP remote session
References
SRPMS
9/core
  • virtualbox-7.1.10-1.mga9
  • kmod-virtualbox-7.1.10-4.mga9

MGASA-2025-0208 - Updated qtimageformats6 packages fix security vulnerabilities

Mageia Security - 15 July, 2025 - 03:49
Publication date: 15 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-5683
Description: Loading a specifically-crafted ICNS format image file in QImage will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, and 6.9.0.
References
SRPMS
9/core
  • qtimageformats6-6.4.1-1.1.mga9

MGASA-2025-0207 - Updated firefox packages fix security vulnerabilities

Mageia Security - 11 July, 2025 - 19:52
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases: 9
Description: Suggested Advisory
The last packaged version for armv7hl was 115.13.0, so from the point of view of the armv7hl architecture, this is a Security Advisory and fixes a lot of CVEs; see the linked Security Advisories below.
  • https://advisories.mageia.org/MGASA-2024-0325.html
  • https://advisories.mageia.org/MGASA-2024-0331.html
  • https://advisories.mageia.org/MGASA-2024-0349.html
  • https://advisories.mageia.org/MGASA-2024-0383.html
  • https://advisories.mageia.org/MGASA-2025-0009.html
  • https://advisories.mageia.org/MGASA-2025-0045.html
  • https://advisories.mageia.org/MGASA-2025-0092.html
  • https://advisories.mageia.org/MGASA-2025-0125.html
  • https://advisories.mageia.org/MGASA-2025-0150.html
  • https://advisories.mageia.org/MGASA-2025-0165.html
  • https://advisories.mageia.org/MGASA-2025-0195.html
  • https://advisories.mageia.org/MGASA-2025-0201.html
For the remaining architectures, this is just a bump in the release subversion. We understand it can be upsetting to get an update that does not fix or improve something, but as part of quality assurance the packages of a piece of software should be built from the same source rpm for all the architectures.
References
SRPMS
9/core
  • firefox-128.12.0-1.4.mga9
  • firefox-l10n-128.12.0-1.2.mga9

MGASA-2025-0206 - Updated gnupg2 packages fix security vulnerabilities

Mageia Security - 11 July, 2025 - 19:52
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases: 9
Description: Key validity not computed when key is certified by a trusted "certify-only" key (regression due to patch for CVE-2025-30258).
References
SRPMS
9/core
  • gnupg2-2.3.8-1.4.mga9

MGASA-2025-0205 - Updated golang packages fix security vulnerabilities

Mageia Security - 11 July, 2025 - 19:52
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4674
Description: Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. Using the Go toolchain in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands if the directory contains multiple VCS configuration metadata (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions.
References
SRPMS
9/core
  • golang-1.24.5-1.mga9