Security Updates

MGASA-2025-0191 - Updated tomcat packages fix security vulnerabilities

Mageia Security - 25 June 2025 - 06:31
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-48988, CVE-2025-49125
Description:
FileUpload: denial of service via a large number of multipart parts with headers. (CVE-2025-48988)
Security constraint bypass for pre/post-resources. (CVE-2025-49125)
References:
SRPMS:
9/core
  • tomcat-9.0.106-1.mga9

MGASA-2025-0190 - Updated clamav packages fix security vulnerability

Mageia Security - 25 June 2025 - 06:31
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-20260
Description:
Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. (CVE-2025-20260)
References:
SRPMS:
9/core
  • clamav-1.0.9-1.mga9

MGAA-2025-0063 - Updated nodejs packages fix bug

Mageia Security - 25 June 2025 - 06:31
Publication date: 25 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
i586 packages that depend on nodejs to build have build problems: the build either never finishes or fails at some point after a long time. This update fixes the reported issue, but from this release on, the i586 nodejs packages require CPUs with SSE2 support.
References:
SRPMS:
9/core
  • nodejs-22.16.0-4.mga9

MGASA-2025-0189 - Updated docker packages fix security vulnerability

Mageia Security - 24 June 2025 - 21:11
Publication date: 24 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-29018
Description:
External DNS requests from 'internal' networks could lead to data exfiltration. (CVE-2024-29018)
We cannot determine whether docker 24.0.5 is affected, but as that version is no longer supported we are releasing version 25.0.7, which is supported and free of the CVE.
References:
SRPMS:
9/core
  • docker-25.0.7-1.mga9

MGASA-2025-0188 - Updated udisks2 & libblockdev packages fix security vulnerabilities

Mageia Security - 24 June 2025 - 21:11
Publication date: 24 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-6019
Description:
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able to escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. (CVE-2025-6019)
References:
SRPMS:
9/core
  • udisks2-2.10.1-1.1.mga9
  • libblockdev-3.3.1-1.mga9

MGAA-2025-0062 - Updated mesa packages fix bug

Mageia Security - 24 June 2025 - 21:11
Publication date: 24 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
The current release produces corrupted graphics for gtk4 applications using the Vulkan renderer on some Intel hardware. This update fixes the reported issue.
References:
SRPMS:
9/core
  • mesa-25.0.7-4.mga9
9/tainted
  • mesa-25.0.7-4.mga9.tainted

MGASA-2025-0187 - Updated chromium-browser-stable packages fix security vulnerabilities

Mageia Security - 20 June 2025 - 17:37
Publication date: 20 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067, CVE-2025-5068, CVE-2025-5280, CVE-2025-5281, CVE-2025-5283, CVE-2025-5419, CVE-2025-5958, CVE-2025-5959
Description:
  • CVE-2025-5063: Use after free in Compositing.
  • CVE-2025-5280: Out of bounds write in V8.
  • CVE-2025-5064: Inappropriate implementation in Background Fetch API.
  • CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
  • CVE-2025-5066: Inappropriate implementation in Messages.
  • CVE-2025-5281: Inappropriate implementation in BFCache.
  • CVE-2025-5283: Use after free in libvpx.
  • CVE-2025-5067: Inappropriate implementation in Tab Strip.
  • CVE-2025-5419: Out of bounds read and write in V8.
  • CVE-2025-5068: Use after free in Blink.
  • CVE-2025-5958: Use after free in Media.
  • CVE-2025-5959: Type Confusion in V8.
References:
SRPMS:
9/tainted
  • chromium-browser-stable-136.0.7103.113-2.mga9.tainted

MGAA-2025-0061 - Updated deluge packages fix bugs

Mageia Security - 16 June 2025 - 18:38
Publication date: 16 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
The current release lacks systemd user units that allow running the daemons as a regular user. The current release also does not allow other users to access files downloaded from the web interface when it is started from the system units. This update fixes both issues.
References:
SRPMS:
9/core
  • deluge-2.2.0-1.6.mga9

MGAA-2025-0060 - Updated tcc packages fix bug

Mageia Security - 16 June 2025 - 18:38
Publication date: 16 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
tcc cannot find its libraries and fails to build even the simplest example. This update fixes the reported issue.
References:
SRPMS:
9/core
  • tcc-0.9.28-0.git20250528.1.mga9

MGAA-2025-0059 - Updated libvirt packages fix bug

Mageia Security - 13 June 2025 - 20:19
Publication date: 13 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
The libvirtd, virtlockd and virtlogd services fail after start due to bad key naming in their service files. This update fixes the issue and brings the other fixes and enhancements made upstream since our current version. Please note that we have disabled the nbdkit backend.
References:
SRPMS:
9/core
  • libvirt-9.10.0-1.mga9

MGASA-2025-0186 - Updated mariadb packages fix security vulnerabilities

Mageia Security - 11 June 2025 - 18:43
Publication date: 11 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-52969, CVE-2023-52970, CVE-2023-52971, CVE-2025-30693, CVE-2025-30722
Description:
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. (CVE-2023-52969)
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where. (CVE-2023-52970)
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan. (CVE-2023-52971)
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. This easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server, as well as unauthorized update, insert or delete access to some MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2025-30693)
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. This difficult-to-exploit vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks can result in unauthorized access to critical data or complete access to all MySQL Client accessible data, as well as unauthorized update, insert or delete access to some MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N). (CVE-2025-30722)
References:
SRPMS:
9/core
  • mariadb-11.4.7-1.mga9

MGAA-2025-0058 - Updated noip packages fix bug

Mageia Security - 10 June 2025 - 05:10
Publication date: 10 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
The current version is no longer supported and does not update the IP address for your domain at no-ip.com. This update fixes the issue.
References:
SRPMS:
9/core
  • noip-3.3.0-1.2.mga9

MGASA-2025-0184 - Updated golang packages fix security vulnerabilities

Mageia Security - 9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4673, CVE-2025-0913, CVE-2025-22874
Description:
net/http: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information. (CVE-2025-4673)
os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows. os.OpenFile(path, os.O_CREATE|os.O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with the O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. (CVE-2025-0913)
crypto/x509: usage of ExtKeyUsageAny disables policy validation. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. (CVE-2025-22874)
References:
SRPMS:
9/core
  • golang-1.24.4-1.mga9

MGASA-2025-0183 - Updated kernel-linus packages fix security vulnerabilities

Mageia Security - 9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-37797, CVE-2025-37799, CVE-2025-37800, CVE-2025-37801, CVE-2025-37803, CVE-2025-37804, CVE-2025-37805, CVE-2025-37808, CVE-2025-37810, CVE-2025-37811, CVE-2025-37812, CVE-2025-37813, CVE-2025-37815, CVE-2025-37817, CVE-2025-37818, CVE-2025-37819, CVE-2025-37820, CVE-2025-37823, CVE-2025-37824, CVE-2025-37828, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831, CVE-2025-37836, CVE-2025-37878, CVE-2025-37879, CVE-2025-37881, CVE-2025-37883, CVE-2025-37884, CVE-2025-37885, CVE-2025-37886, CVE-2025-37887, CVE-2025-37890, CVE-2025-37891, CVE-2025-37897, CVE-2025-37901, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917, CVE-2025-37918, CVE-2025-37921, CVE-2025-37922, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37933, CVE-2025-37935, CVE-2025-37936, CVE-2025-37938, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37952, CVE-2025-37953, CVE-2025-37954, CVE-2025-37956, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37973, CVE-2025-37983, CVE-2025-37985, CVE-2025-37988, CVE-2025-37989, CVE-2025-37990, CVE-2025-37991, CVE-2025-37992
Description:
Vanilla upstream kernel version 6.6.93 fixes bugs and vulnerabilities. For information about the vulnerabilities, see the links.
References:
SRPMS:
9/core
  • kernel-linus-6.6.93-1.mga9

MGASA-2025-0182 - Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities

Mageia Security - 9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-37797, CVE-2025-37799, CVE-2025-37800, CVE-2025-37801, CVE-2025-37803, CVE-2025-37804, CVE-2025-37805, CVE-2025-37808, CVE-2025-37810, CVE-2025-37811, CVE-2025-37812, CVE-2025-37813, CVE-2025-37815, CVE-2025-37817, CVE-2025-37818, CVE-2025-37819, CVE-2025-37820, CVE-2025-37823, CVE-2025-37824, CVE-2025-37828, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831, CVE-2025-37836, CVE-2025-37878, CVE-2025-37879, CVE-2025-37881, CVE-2025-37883, CVE-2025-37884, CVE-2025-37885, CVE-2025-37886, CVE-2025-37887, CVE-2025-37890, CVE-2025-37891, CVE-2025-37897, CVE-2025-37901, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917, CVE-2025-37918, CVE-2025-37921, CVE-2025-37922, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37933, CVE-2025-37935, CVE-2025-37936, CVE-2025-37938, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37952, CVE-2025-37953, CVE-2025-37954, CVE-2025-37956, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37973, CVE-2025-37983, CVE-2025-37985, CVE-2025-37988, CVE-2025-37989, CVE-2025-37990, CVE-2025-37991, CVE-2025-37992
Description:
Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb and firmware packages have been updated to work with this new kernel; some build-time requirements have also been updated to allow building this kernel version. For information about the vulnerabilities, see the links.
References:
SRPMS:
9/core
  • kernel-6.6.93-1.mga9
  • kmod-virtualbox-7.1.8-3.mga9
  • kmod-xtables-addons-3.24-80.mga9
  • dwarves-1.30-1.mga9
  • libtraceevent-1.8.4-1.mga9
  • libtracefs-1.8.2-1.mga9
  • kernel-firmware-20250509-1.mga9
  • wireless-regdb-20250220-1.mga9
9/nonfree
  • kernel-firmware-nonfree-20250509-1.mga9.nonfree
  • radeon-firmware-20250509-1.mga9.nonfree

MGASA-2025-0181 - Updated cockpit packages fix security vulnerability & bug

Mageia Security - 9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-6126
Description:
Mageia's internal bug: in the current version you cannot log in to the web interface with the firefox or chromium-browser packages shipped by Mageia. This update fixes the issue, but it is reported that you may need to reboot and clear the cookies in your browser.
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling pam_env's user_readenv option, which leads to a denial of service (DoS) attack. (CVE-2024-6126)
Please note that you need to edit /etc/nsswitch.conf as recommended in https://bugs.mageia.org/show_bug.cgi?id=33368#c18.
References:
SRPMS:
9/core
  • cockpit-338-1.6.mga9

MGAA-2025-0057 - Updated bluez packages fix bug

Mageia Security - 9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description:
Since the update of bluez to 5.80, devices such as mice and keyboards do not reconnect after suspend or reboot. Only re-pairing them makes them work again.
References:
SRPMS:
9/core
  • bluez-5.82-1.mga9

MGASA-2025-0179 - Updated php-adodb packages fix security vulnerability

Mageia Security - 8 June 2025 - 07:22
Publication date: 08 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-46337
Description:
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9. (CVE-2025-46337)
References:
SRPMS:
9/core
  • php-adodb-5.22.9-1.mga9

MGASA-2025-0178 - Updated systemd packages fix security vulnerability

Mageia Security - 8 June 2025 - 07:22
Publication date: 08 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4598
Description:
systemd-coredump: a race condition allows a local attacker to crash a suid program and gain read access to the resulting core dump. (CVE-2025-4598)
References:
SRPMS:
9/core
  • systemd-253.33-1.mga9