Mageia Security

Feed
Mageia Advisories
Updated: hace 16 horas 7 minutos

MGASA-2025-0128 - Updated augeas packages fix security vulnerability

5 Abril, 2025 - 19:46
Publication date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2588 Description Hercules Augeas fa.c re_case_expand null pointer dereference. (CVE-2025-2588) References SRPMS 9/core
  • augeas-1.12.0-4.1.mga9

MGASA-2025-0127 - Updated corosync packages fix security vulnerability

5 Abril, 2025 - 19:46
Publication date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30472 Description Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. (CVE-2025-30472) References SRPMS 9/core
  • corosync-3.1.7-1.1.mga9

MGASA-2025-0126 - Updated thunderbird packages fix security vulnerabilities

5 Abril, 2025 - 19:46
Publication date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3028 , CVE-2025-3029 , CVE-2025-3030 Description Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030) References SRPMS 9/core
  • thunderbird-128.9.0-1.mga9
  • thunderbird-l10n-128.9.0-1.mga9

MGASA-2025-0125 - Updated nss & firefox packages fix security vulnerabilities

5 Abril, 2025 - 19:46
Publication date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3028 , CVE-2025-3029 , CVE-2025-3030 Description Use-after-free triggered by XSLTProcessor. (CVE-2025-3028) URL Bar Spoofing via non-BMP Unicode characters. (CVE-2025-3029) Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. (CVE-2025-3030) References SRPMS 9/core
  • firefox-128.9.0-1.mga9
  • firefox-l10n-128.9.0-1.mga9
  • nss-3.110.0-1.mga9

MGAA-2025-0035 - Updated wapiti, python-browser-cookie3, python-httpx packages fix bug

5 Abril, 2025 - 19:46
Publication date: 05 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description The current version of wapiti is not compatible with our version of python3-httpx and python3-browser-cookie3 lacks some runtime requirements. We update the necessary packages to fix this issue, and to be able to build wapiti version 3.1.4 it was necessary to import some new packages as part of its build and runtime requirements. References SRPMS 9/core
  • python-browser-cookie3-0.20.1-1.mga9
  • python-socksio-1.0.0-1.1.mga9
  • python-httpx-0.23.0-1.1.mga9
  • python-aiomcache-0.8.2-1.mga9
  • python-aiosqlite-0.20.0-1.mga9
  • python-aiocache-0.12.3-1.mga9
  • python-arsenic-21.8-1.mga9
  • python-maturin-1.2.3-1.mga9
  • python-mitmproxy-wireguard-0.1.23-1.mga9
  • python3-loguru-0.5.3-1.mga9
  • wapiti-3.1.4-1.mga9

MGASA-2025-0124 - Updated microcode packages fix security vulnerability

3 Abril, 2025 - 23:52
Publication date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56161 Description Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP. (CVE-2024-56161) References SRPMS 9/nonfree
  • microcode-0.20250211-2.mga9.nonfree

MGASA-2025-0123 - Updated curl packages fix security vulnerabilities

3 Abril, 2025 - 02:36
Publication date: 03 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0167 , CVE-2025-0665 , CVE-2025-0725 Description When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. The fix was included previously as part of MGAA-2025-0004. References SRPMS 9/core
  • curl-7.88.1-4.6.mga9

MGAA-2025-0034 - Updated packages fix bug

3 Abril, 2025 - 01:10
Publication date: 03 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description opencpn-celestial-navigation-plugin, opencpn-weather-routing-plugin and opencpn-weatherfax-plugin have improvements, useful for sailors using OpenCPN (a navigation chart plotter). References SRPMS 9/core
  • opencpn-celestial-navigation-plugin-2.4.47.0-1.mga9
  • opencpn-weather-routing-plugin-1.15.21.22-1.mga9
  • opencpn-weatherfax-plugin-1.10.17.0-1.mga9

MGAA-2025-0033 - Updated opencpn-o-charts-plugin packages fix bug

3 Abril, 2025 - 01:10
Publication date: 03 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description This new version of opencpn-o-charts-plugin contains a new nonfree binary for aarch64 but no major change for the other arches. References SRPMS 9/nonfree
  • opencpn-o-charts-plugin-2.0.30.0-1.mga9.nonfree

MGASA-2025-0122 - Updated upx packages fix security vulnerability

2 Abril, 2025 - 22:53
Publication date: 02 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2849 Description UPX p_lx_elf.cpp un_DT_INIT heap-based overflow. (CVE-2025-2849) References SRPMS 9/core
  • upx-4.2.3-1.1.mga9

MGASA-2025-0121 - Updated zvbi packages fix security vulnerabilities

31 Marzo, 2025 - 16:54
Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2173 , CVE-2025-2174 , CVE-2025-2175 , CVE-2025-2176 , CVE-2025-2177 Description A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2173). A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue(A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2176). A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2175). A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2177) A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2174). References SRPMS 9/core
  • zvbi-0.2.44-1.mga9

MGASA-2025-0119 - Updated elfutils packages fix security vulnerabilities

31 Marzo, 2025 - 16:54
Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25260 , CVE-2025-1372 , CVE-2025-1377 Description elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260) GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372) GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. (CVE-2025-1377) References SRPMS 9/core
  • elfutils-0.189-1.1.mga9

MGASA-2025-0118 - Updated chromium-browser-stable packages fix security vulnerability

27 Marzo, 2025 - 17:14
Publication date: 27 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2476 Description Use after free in Lens. (CVE-2025-2476) References SRPMS 9/tainted
  • chromium-browser-stable-134.0.6998.117-1.mga9.tainted

MGASA-2025-0117 - Updated dcmtk packages fix security vulnerability

26 Marzo, 2025 - 04:43
Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2357 Description DCMTK dcmjpls JPEG-LS Decoder memory corruption. (CVE-2025-2357) References SRPMS 9/core
  • dcmtk-3.6.7-4.5.mga9

MGASA-2025-0116 - Updated radare2 packages fix security vulnerabilities

26 Marzo, 2025 - 04:43
Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56737 , CVE-2025-1744 , CVE-2025-1864 Description Buffer overflow in the HFS parser from grub2. (CVE-2024-56737) Out-of-bounds Write in radare2. (CVE-2025-1744) Buffer Overflow and Potential Code Execution in Radare2. (CVE-2025-1864) References SRPMS 9/core
  • radare2-5.8.8-1.6.mga9

MGASA-2025-0115 - Updated bluez packages fix security vulnerabilities

26 Marzo, 2025 - 04:43
Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-44431 , CVE-2023-51580 , CVE-2023-51589 , CVE-2023-51592 , CVE-2023-51594 , CVE-2023-51596 Description BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-44431) BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51580) BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51589) BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51592) BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. (CVE-2023-51594) BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2023-51596) References SRPMS 9/core
  • bluez-5.80-1.mga9

MGASA-2025-0114 - Updated ffmpeg packages fix security vulnerability

26 Marzo, 2025 - 04:43
Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12361 Description FFmpeg NULL Pointer Dereference. (CVE-2024-12361) References SRPMS 9/core
  • ffmpeg-5.1.6-1.5.mga9
9/tainted
  • ffmpeg-5.1.6-1.5.mga9.tainted

MGASA-2025-0113 - Updated wpa_supplicant & hostapd packages fix security vulnerability

24 Marzo, 2025 - 18:27
Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-24912 Description hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) References SRPMS 9/core
  • hostapd-2.11-1.1.mga9
  • wpa_supplicant-2.11-1.1.mga9

MGASA-2025-0112 - Updated kernel-linus packages fix security vulnerabilities

24 Marzo, 2025 - 18:27
Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-58088 , CVE-2025-21838 , CVE-2025-21844 , CVE-2025-21846 , CVE-2025-21847 , CVE-2025-21848 , CVE-2025-21853 , CVE-2025-21854 , CVE-2025-21855 , CVE-2025-21856 , CVE-2025-21857 , CVE-2025-21858 , CVE-2025-21859 , CVE-2025-21862 , CVE-2025-21863 , CVE-2025-21864 , CVE-2025-21865 , CVE-2025-21866 Description Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References SRPMS 9/core
  • kernel-linus-6.6.83-1.mga9