Security Updates

MGASA-2024-0348 - Updated ruby-webrick packages fix security vulnerability

Mageia Security - 8 November 2024 - 23:09
Publication date: 08 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-47220
Description:
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. (CVE-2024-47220)
References:
SRPMS
9/core
  • ruby-webrick-1.7.0-3.mga9

MGASA-2024-0347 - Updated python-urllib3 packages fix security vulnerability

Mageia Security - 8 November 2024 - 23:09
Publication date: 08 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-37891
Description:
When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the Proxy-Authorization HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the Proxy-Authorization header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the Proxy-Authorization header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.
References:
SRPMS
9/core
  • python-urllib3-1.26.20-1.mga9

MGAA-2024-0225 - Updated wireplumber & pipewire-media-session packages fix Bluetooth audio connections

Mageia Security - 7 November 2024 - 21:17
Publication date: 07 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
This update provides a newer wireplumber that was missed in a previous pipewire update. After the previous update (pipewire-0.3.85-6) it could sometimes happen that a Bluetooth audio device was not correctly connected. This version update should fix the problem, among other fixes. The pipewire-media-session package, which is the other (older) companion media session manager, has also been rebuilt against the latest pipewire (0.3.85-6 aka 1.0.9) and includes an upstream patch to fix a potential DBusMessage memory leak.
References:
SRPMS
9/core
  • wireplumber-0.5.6-1.mga9
  • pipewire-media-session-0.4.2-1.1.mga9

MGASA-2024-0346 - Updated libarchive packages fix security vulnerabilities

Mageia Security - 6 November 2024 - 20:57
Publication date: 06 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-48957, CVE-2024-48958
Description:
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48957)

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. (CVE-2024-48958)
References:
SRPMS
9/core
  • libarchive-3.6.2-5.2.mga9

MGAA-2024-0224 - Updated grub2 packages help to do lightest installations

Mageia Security - 5 November 2024 - 03:47
Publication date: 05 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
A minimal install with grub2 pulls in graphical libraries, because the grub2-mkfont binary is included in the core package. This update splits grub2-mkfont out of the core package and makes it an optional requirement, allowing lighter installations.
References:
SRPMS
9/core
  • grub2-2.06-28.4.mga9

MGAA-2024-0223 - Updated digikam packages fix crash on some 32 bit systems

Mageia Security - 5 November 2024 - 03:47
Publication date: 05 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
Use of SSE2 instructions even when the processor does not support them makes digikam crash on some 32 bit systems. This update fixes the issue.
References:
SRPMS
9/core
  • digikam-8.4.0-1.mga9

MGASA-2024-0345 - Updated kernel, kmod-xtables-addons, kmod-virtualbox, kernel-firmware, kernel-firmware-nonfree & radeon-firmware packages fix security vulnerabilities

Mageia Security - 2 November 2024 - 17:56
Publication date: 02 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52917 , CVE-2024-47670 , CVE-2024-47671 , CVE-2024-47672 , CVE-2024-47673 , CVE-2024-47675 , CVE-2024-47678 , CVE-2024-47679 , CVE-2024-47681 , CVE-2024-47682 , CVE-2024-47683 , CVE-2024-47684 , CVE-2024-47685 , CVE-2024-47686 , CVE-2024-47688 , CVE-2024-47689 , CVE-2024-47690 , CVE-2024-47691 , CVE-2024-47692 , CVE-2024-47693 , CVE-2024-47695 , CVE-2024-47696 , CVE-2024-47697 , CVE-2024-47698 , CVE-2024-47699 , CVE-2024-47700 , CVE-2024-47701 , CVE-2024-47704 , CVE-2024-47705 , CVE-2024-47706 , CVE-2024-47707 , CVE-2024-47709 , CVE-2024-47710 , CVE-2024-47712 , CVE-2024-47713 , CVE-2024-47714 , CVE-2024-47715 , CVE-2024-47716 , CVE-2024-47718 , CVE-2024-47719 , CVE-2024-47720 , CVE-2024-47722 , CVE-2024-47723 , CVE-2024-47725 , CVE-2024-47727 , CVE-2024-47728 , CVE-2024-47730 , CVE-2024-47731 , CVE-2024-47734 , CVE-2024-47735 , CVE-2024-47737 , CVE-2024-47738 , CVE-2024-47739 , CVE-2024-47740 , CVE-2024-47741 , CVE-2024-47742 , CVE-2024-47743 , CVE-2024-47744 , CVE-2024-47745 , CVE-2024-47747 , CVE-2024-47748 , CVE-2024-47749 , CVE-2024-47750 , CVE-2024-47751 , CVE-2024-47752 , CVE-2024-47753 , CVE-2024-47754 , CVE-2024-47755 , CVE-2024-47756 , CVE-2024-47757 , CVE-2024-49850 , CVE-2024-49851 , CVE-2024-49852 , CVE-2024-49853 , CVE-2024-49855 , CVE-2024-49856 , CVE-2024-49858 , CVE-2024-49859 , CVE-2024-49860 , CVE-2024-49861 , CVE-2024-49862 , CVE-2024-49863 , CVE-2024-49864 , CVE-2024-49866 , CVE-2024-49867 , CVE-2024-49868 , CVE-2024-49870 , CVE-2024-49871 , CVE-2024-49874 , CVE-2024-49875 , CVE-2024-49877 , CVE-2024-49878 , CVE-2024-49879 , CVE-2024-49881 , CVE-2024-49882 , CVE-2024-49883 , CVE-2024-49884 , CVE-2024-49886 , CVE-2024-49889 , CVE-2024-49890 , CVE-2024-49892 , CVE-2024-49894 , CVE-2024-49895 , CVE-2024-49896 , CVE-2024-49900 , CVE-2024-49901 , CVE-2024-49902 , CVE-2024-49903 , CVE-2024-49905 , CVE-2024-49907 , CVE-2024-49912 , CVE-2024-49913 , CVE-2024-49924 , CVE-2024-49925 , CVE-2024-49927 , CVE-2024-49929 , CVE-2024-49930 , 
CVE-2024-49931 , CVE-2024-49933 , CVE-2024-49935 , CVE-2024-49936 , CVE-2024-49937 , CVE-2024-49938 , CVE-2024-49939 , CVE-2024-49944 , CVE-2024-49946 , CVE-2024-49947 , CVE-2024-49948 , CVE-2024-49949 , CVE-2024-49950 , CVE-2024-49951 , CVE-2024-49952 , CVE-2024-49953 , CVE-2024-49954 , CVE-2024-49955 , CVE-2024-49957 , CVE-2024-49958 , CVE-2024-49959 , CVE-2024-49960 , CVE-2024-49961 , CVE-2024-49962 , CVE-2024-49963 , CVE-2024-49965 , CVE-2024-49966 , CVE-2024-49967 , CVE-2024-49969 , CVE-2024-49973 , CVE-2024-49975 , CVE-2024-49976 , CVE-2024-49977 , CVE-2024-49978 , CVE-2024-49980 , CVE-2024-49981 , CVE-2024-49982 , CVE-2024-49983 , CVE-2024-49985 , CVE-2024-49986 , CVE-2024-49987 , CVE-2024-49988 , CVE-2024-49989 , CVE-2024-49991 , CVE-2024-49992 , CVE-2024-49993 , CVE-2024-49995 , CVE-2024-49996 , CVE-2024-49997 , CVE-2024-50000 , CVE-2024-50001 , CVE-2024-50002 , CVE-2024-50003 , CVE-2024-50005 , CVE-2024-50006 , CVE-2024-50007 , CVE-2024-50008 , CVE-2024-50012 , CVE-2024-50013 , CVE-2024-50015 , CVE-2024-50016 , CVE-2024-50019 , CVE-2024-50022 , CVE-2024-50023 , CVE-2024-50024 , CVE-2024-50026 , CVE-2024-50029 , CVE-2024-50031 , CVE-2024-50032 , CVE-2024-50033 , CVE-2024-50035 , CVE-2024-50036 , CVE-2024-50038 , CVE-2024-50039 , CVE-2024-50040 , CVE-2024-50041 , CVE-2024-50044 , CVE-2024-50045 , CVE-2024-50046 , CVE-2024-50047 , CVE-2024-50048 , CVE-2024-50049 , CVE-2024-50055 , CVE-2024-50057 , CVE-2024-50058 , CVE-2024-50059 , CVE-2024-50060 , CVE-2024-50061 , CVE-2024-50062 , CVE-2024-50063 , CVE-2024-50064 , CVE-2024-50065 , CVE-2024-50066
Description:
Upstream kernel version 6.6.58 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
References:
SRPMS
9/core
  • kernel-6.6.58-2.mga9
  • kmod-xtables-addons-3.24-65.mga9
  • kmod-virtualbox-7.0.20-57.mga9
  • kernel-firmware-20240909-1.mga9
9/nonfree
  • kernel-firmware-nonfree-20240909-1.mga9.nonfree
  • radeon-firmware-20240909-1.mga9.nonfree

MGASA-2024-0344 - Updated kernel-linus packages fix security vulnerabilities

Mageia Security - 2 November 2024 - 17:56
Publication date: 02 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52917 , CVE-2024-47670 , CVE-2024-47671 , CVE-2024-47672 , CVE-2024-47673 , CVE-2024-47675 , CVE-2024-47678 , CVE-2024-47679 , CVE-2024-47681 , CVE-2024-47682 , CVE-2024-47683 , CVE-2024-47684 , CVE-2024-47685 , CVE-2024-47686 , CVE-2024-47688 , CVE-2024-47689 , CVE-2024-47690 , CVE-2024-47691 , CVE-2024-47692 , CVE-2024-47693 , CVE-2024-47695 , CVE-2024-47696 , CVE-2024-47697 , CVE-2024-47698 , CVE-2024-47699 , CVE-2024-47700 , CVE-2024-47701 , CVE-2024-47704 , CVE-2024-47705 , CVE-2024-47706 , CVE-2024-47707 , CVE-2024-47709 , CVE-2024-47710 , CVE-2024-47712 , CVE-2024-47713 , CVE-2024-47714 , CVE-2024-47715 , CVE-2024-47716 , CVE-2024-47718 , CVE-2024-47719 , CVE-2024-47720 , CVE-2024-47722 , CVE-2024-47723 , CVE-2024-47725 , CVE-2024-47727 , CVE-2024-47728 , CVE-2024-47730 , CVE-2024-47731 , CVE-2024-47734 , CVE-2024-47735 , CVE-2024-47737 , CVE-2024-47738 , CVE-2024-47739 , CVE-2024-47740 , CVE-2024-47741 , CVE-2024-47742 , CVE-2024-47743 , CVE-2024-47744 , CVE-2024-47745 , CVE-2024-47747 , CVE-2024-47748 , CVE-2024-47749 , CVE-2024-47750 , CVE-2024-47751 , CVE-2024-47752 , CVE-2024-47753 , CVE-2024-47754 , CVE-2024-47755 , CVE-2024-47756 , CVE-2024-47757 , CVE-2024-49850 , CVE-2024-49851 , CVE-2024-49852 , CVE-2024-49853 , CVE-2024-49855 , CVE-2024-49856 , CVE-2024-49858 , CVE-2024-49859 , CVE-2024-49860 , CVE-2024-49861 , CVE-2024-49862 , CVE-2024-49863 , CVE-2024-49864 , CVE-2024-49866 , CVE-2024-49867 , CVE-2024-49868 , CVE-2024-49870 , CVE-2024-49871 , CVE-2024-49874 , CVE-2024-49875 , CVE-2024-49877 , CVE-2024-49878 , CVE-2024-49879 , CVE-2024-49881 , CVE-2024-49882 , CVE-2024-49883 , CVE-2024-49884 , CVE-2024-49886 , CVE-2024-49889 , CVE-2024-49890 , CVE-2024-49892 , CVE-2024-49894 , CVE-2024-49895 , CVE-2024-49896 , CVE-2024-49900 , CVE-2024-49901 , CVE-2024-49902 , CVE-2024-49903 , CVE-2024-49905 , CVE-2024-49907 , CVE-2024-49912 , CVE-2024-49913 , CVE-2024-49924 , CVE-2024-49925 , CVE-2024-49927 , CVE-2024-49929 , CVE-2024-49930 , 
CVE-2024-49931 , CVE-2024-49933 , CVE-2024-49935 , CVE-2024-49936 , CVE-2024-49937 , CVE-2024-49938 , CVE-2024-49939 , CVE-2024-49944 , CVE-2024-49946 , CVE-2024-49947 , CVE-2024-49948 , CVE-2024-49949 , CVE-2024-49950 , CVE-2024-49951 , CVE-2024-49952 , CVE-2024-49953 , CVE-2024-49954 , CVE-2024-49955 , CVE-2024-49957 , CVE-2024-49958 , CVE-2024-49959 , CVE-2024-49960 , CVE-2024-49961 , CVE-2024-49962 , CVE-2024-49963 , CVE-2024-49965 , CVE-2024-49966 , CVE-2024-49967 , CVE-2024-49969 , CVE-2024-49973 , CVE-2024-49975 , CVE-2024-49976 , CVE-2024-49977 , CVE-2024-49978 , CVE-2024-49980 , CVE-2024-49981 , CVE-2024-49982 , CVE-2024-49983 , CVE-2024-49985 , CVE-2024-49986 , CVE-2024-49987 , CVE-2024-49988 , CVE-2024-49989 , CVE-2024-49991 , CVE-2024-49992 , CVE-2024-49993 , CVE-2024-49995 , CVE-2024-49996 , CVE-2024-49997 , CVE-2024-50000 , CVE-2024-50001 , CVE-2024-50002 , CVE-2024-50003 , CVE-2024-50005 , CVE-2024-50006 , CVE-2024-50007 , CVE-2024-50008 , CVE-2024-50012 , CVE-2024-50013 , CVE-2024-50015 , CVE-2024-50016 , CVE-2024-50019 , CVE-2024-50022 , CVE-2024-50023 , CVE-2024-50024 , CVE-2024-50026 , CVE-2024-50029 , CVE-2024-50031 , CVE-2024-50032 , CVE-2024-50033 , CVE-2024-50035 , CVE-2024-50036 , CVE-2024-50038 , CVE-2024-50039 , CVE-2024-50040 , CVE-2024-50041 , CVE-2024-50044 , CVE-2024-50045 , CVE-2024-50046 , CVE-2024-50047 , CVE-2024-50048 , CVE-2024-50049 , CVE-2024-50055 , CVE-2024-50057 , CVE-2024-50058 , CVE-2024-50059 , CVE-2024-50060 , CVE-2024-50061 , CVE-2024-50062 , CVE-2024-50063 , CVE-2024-50064 , CVE-2024-50065 , CVE-2024-50066
Description:
Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References:
SRPMS
9/core
  • kernel-linus-6.6.58-2.mga9

MGAA-2024-0222 - Updated mesa packages fix bugs

Mageia Security - 2 November 2024 - 17:56
Publication date: 02 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
This is the latest bugfix release of the mesa 24.2.x branch, which further improves stability.
References:
SRPMS
9/tainted
  • mesa-24.2.5-1.mga9.tainted
9/core
  • mesa-24.2.5-1.mga9

MGASA-2024-0343 - Updated buildah, podman, skopeo packages fix security vulnerabilities

Mageia Security - 1 November 2024 - 18:26
Publication date: 01 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-1753, CVE-2024-3727, CVE-2023-45290, CVE-2024-28180, CVE-2024-28176, CVE-2024-9341, CVE-2024-6104, CVE-2024-9407
Description:
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. (CVE-2024-1753)

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (CVE-2024-3727)

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With the fix, the ParseMultipartForm function now correctly limits the maximum size of form lines. (CVE-2023-45290)

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. (CVE-2024-28180)

jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume an unreasonable amount of CPU time or memory during JWE decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5. (CVE-2024-28176)

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. (CVE-2024-9341)

go-retryablehttp prior to 0.7.7 did not sanitize URLs when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. (CVE-2024-6104)

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. (CVE-2024-9407)
References:
SRPMS
9/core
  • buildah-1.37.4-1.mga9
  • podman-4.9.5-1.mga9
  • skopeo-1.16.1-1.mga9

MGASA-2024-0342 - Updated bind packages fix security vulnerabilities

Mageia Security - 1 November 2024 - 18:26
Publication date: 01 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, CVE-2024-4076
Description:
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. (CVE-2024-0760)

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. (CVE-2024-1737)

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. (CVE-2024-1975)

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. (CVE-2024-4076)
References:
SRPMS
9/core
  • bind-9.18.28-1.mga9

MGAA-2024-0221 - Updated libmateweather packages fix bug

Mageia Security - 1 November 2024 - 18:26
Publication date: 01 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
The weather applet fails to fetch weather parameters; this update fixes the issue.
References:
SRPMS
9/core
  • libmateweather-1.26.3-1.mga9

MGAA-2024-0220 - Updated python-networkx packages makes python3-matplotlib optional requirement

Mageia Security - 31 October 2024 - 03:17
Publication date: 31 Oct 2024
Type: bugfix
Affected Mageia releases : 9
Description:
Installing python3-networkx pulls in matplotlib, which requires python-qt5 and texlive, increasing the total size of packages to download. This update makes python3-matplotlib an optional requirement that can be skipped by using --no-recommends with urpmi from the command line.
References:
SRPMS
9/core
  • python-networkx-2.8.8-1.1.mga9

MGAA-2024-0219 - Updated nextcloud-client to 3.13.4 branch

Mageia Security - 31 October 2024 - 03:17
Publication date: 31 Oct 2024
Type: bugfix
Affected Mageia releases : 9
Description:
  • Fix release kind detection by @ivaradi in #7034
  • docs: conf file option moveToTrash is no longer Linux specific by @backportbot in #7047
  • only add Encrypt context menu entry for top folder in settings dialog by @backportbot in #7063
  • add missing exception handling by @backportbot in #7081
  • do not ignore paths containing 2 "#" characters by @backportbot in #7087
  • Narrow down ReadWrite folder permission to owner by @backportbot in #7092
  • Fix building of client on macOS 10.13 and 10.14 by @backportbot in #7099
  • Bugfix/delete read only remnants folders by @backportbot in #7107
  • Bugfix/fix one rename issue by @backportbot in #7111
And more in the references.
References:
SRPMS
9/core
  • nextcloud-client-3.13.4-1.mga9

MGASA-2024-0341 - Updated chromium-browser-stable packages fix security vulnerabilities

Mageia Security - 29 October 2024 - 17:11
Publication date: 29 Oct 2024
Type: security
Affected Mageia releases : 9
Description:
Integer overflow in Layout. (CVE-2024-7025)
Insufficient data validation in Mojo. (CVE-2024-9369)
Inappropriate implementation in V8. (CVE-2024-9370)
Type Confusion in V8. (CVE-2024-9602)
Type Confusion in V8. (CVE-2024-9603)
References:
SRPMS
9/tainted
  • chromium-browser-stable-128.0.6613.137-2.mga9.tainted

MGAA-2024-0218 - Updated python-pandas package fixes unneeded dependencies

Mageia Security - 29 October 2024 - 01:54
Publication date: 29 Oct 2024
Type: bugfix
Affected Mageia releases : 9
Description:
Installing python3-pandas pulls in matplotlib, which requires python-qt5 and texlive, which is more than 1 Gb. However, this dependency is not in the python package; it is added only in our spec.
References:
SRPMS
9/core
  • python-pandas-1.4.1-2.1.mga9

MGAA-2024-0217 - Updated php packages fix bugs

Mageia Security - 29 October 2024 - 01:54
Publication date: 29 Oct 2024
Type: bugfix
Affected Mageia releases : 9
Description:
This update fixes a bunch of segmentation faults and assertion errors. For details see the linked reference.
References:
SRPMS
9/core
  • php-8.2.25-1.mga9

MGASA-2024-0340 - Updated redis packages fix security vulnerabilities

Mageia Security - 27 October 2024 - 03:37
Publication date: 27 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-31227, CVE-2024-31228, CVE-2024-31449
Description:
An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. (CVE-2024-31227)

Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. (CVE-2024-31228)

An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. (CVE-2024-31449)
References:
SRPMS
9/core
  • redis-7.0.14-1.1.mga9

MGASA-2024-0339 - Updated cpanminus packages fix security vulnerability

Mageia Security - 27 October 2024 - 03:37
Publication date: 27 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45321
Description:
The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. (CVE-2024-45321)
References:
SRPMS
9/core
  • cpanminus-1.704.500-2.1.mga9

MGASA-2024-0338 - Updated mozjs78 packages fix security vulnerabilities

Mageia Security - 27 October 2024 - 03:37
Publication date: 27 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Description:
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490)

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491)

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492)
References:
SRPMS
9/core
  • mozjs78-78.15.0-7.1.mga9