Mageia Security
MGASA-2025-0331 - Updated webkit2 packages fix security vulnerabilities
Publication date: 21 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43501, CVE-2025-43531, CVE-2025-43535, CVE-2025-43536
Description
CVE-2025-43501 Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2025-43531 Processing maliciously crafted web content may lead to an unexpected process crash. Description: A race condition was addressed with improved state handling.
CVE-2025-43535 Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
CVE-2025-43536 Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
References
- https://bugs.mageia.org/show_bug.cgi?id=34866
- https://webkitgtk.org/security/WSA-2025-0010.html
- https://webkitgtk.org/2025/12/16/webkitgtk2.50.4-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43501
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43531
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43536
- webkit2-2.50.4-1.mga9
Categories: Security Updates
MGASA-2025-0330 - Updated php packages fix security vulnerabilities
Publication date: 21 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14180, CVE-2025-14178, CVE-2025-14177
Description
Opcache:
- Reset global pointers to prevent use-after-free in zend_jit_status.
PDO:
- Fixed PDO quoting result null deref.
Standard:
- Fixed Null byte termination in dns_get_record
- Heap buffer overflow in array_merge
- Information Leak of Memory in getimagesize
References
- https://bugs.mageia.org/show_bug.cgi?id=34873
- https://www.php.net/ChangeLog-8.php#8.2.30
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14177
- php-8.2.30-1.mga9
Categories: Security Updates
MGASA-2025-0329 - Updated thunderbird packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333
Description
Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322)
Privilege escalation in the DOM: Notifications component. (CVE-2025-14323)
JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)
Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329)
Same-origin policy bypass in the Request Handling component. (CVE-2025-14331)
Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333)
References
- https://bugs.mageia.org/show_bug.cgi?id=34820
- https://www.thunderbird.net/en-US/thunderbird/140.6.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333
- thunderbird-140.6.0-1.mga9
- thunderbird-l10n-140.6.0-1.mga9
Categories: Security Updates
MGASA-2025-0328 - Updated nspr, nss & firefox packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333
Description
Use-after-free in the WebRTC: Signaling component. (CVE-2025-14321)
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. (CVE-2025-14322)
Privilege escalation in the DOM: Notifications component. (CVE-2025-14323)
JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2025-14324, CVE-2025-14325, CVE-2025-14330)
Privilege escalation in the Netmonitor component. (CVE-2025-14328, CVE-2025-14329)
Same-origin policy bypass in the Request Handling component. (CVE-2025-14331)
Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. (CVE-2025-14333)
References
- https://bugs.mageia.org/show_bug.cgi?id=34814
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/-FCacePkmj8
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/V7GVSScpn5w
- https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/qFuz87KunGc
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_118_1.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_119.html
- https://www.firefox.com/en-US/firefox/140.6.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14321
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14322
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14324
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14325
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14330
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14333
- nspr-4.38.2-1.mga9
- nss-3.119.0-1.mga9
- firefox-140.6.0-1.mga9
- firefox-l10n-140.6.0-1.mga9
Categories: Security Updates
MGASA-2025-0327 - Updated ffmpeg packages fix security vulnerabilities
Publication date: 15 Dec 2025
Type: security
Affected Mageia releases : 9
Description
Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
References
- https://bugs.mageia.org/show_bug.cgi?id=34832
- https://lists.debian.org/debian-security-announce/2025/msg00245.html
- ffmpeg-5.1.8-1.mga9
- ffmpeg-5.1.8-1.mga9.tainted
Categories: Security Updates
MGAA-2025-0105 - Updated sansimera-qt packages fix bugs
Publication date: 15 Dec 2025
Type: bugfix
Affected Mageia releases : 9
Description
Current version has a bogus requirement on python3-sip.
Current version misses a python3-lxml requirement.
Current version crashes after downloading images.
The updated package fixes the reported issues.
References
SRPMS 9/core
- sansimera-qt-1.1.0-1.3.mga9
Categories: Security Updates
MGASA-2025-0326 - Updated golang packages fix security vulnerabilities
Publication date: 13 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-61727, CVE-2025-61729
Description
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. (CVE-2025-61727)
Excessive resource consumption when printing error string for host certificate validation in crypto/x509. (CVE-2025-61729)
References
- https://bugs.mageia.org/show_bug.cgi?id=34810
- https://www.openwall.com/lists/oss-security/2025/12/05/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729
- golang-1.24.11-1.mga9
Categories: Security Updates
MGAA-2025-0104 - Updated codeblocks packages fix bug
Publication date: 13 Dec 2025
Type: bugfix
Affected Mageia releases : 9
Description
codeblocks was absent from the Mageia 9 repositories. We are shipping the latest release to fix the issue. cross-avr-gcc is not yet present, and it is suggested that it could be replaced by cross-gcc. If that doesn't work, please open another bug report.
References
SRPMS 9/core
- codeblocks-25.03-1.mga9
Categories: Security Updates
MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities
Publication date: 09 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287
Description
A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947.
Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array allocation sinking - CVE-2025-43421.
Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management - CVE-2025-43458.
Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling - CVE-2025-66287.
References
- https://bugs.mageia.org/show_bug.cgi?id=34802
- https://webkitgtk.org/security/WSA-2025-0009.html
- https://webkitgtk.org/2025/12/04/webkitgtk2.50.3-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66287
- webkit2-2.50.3-1.mga9
Categories: Security Updates
MGASA-2025-0324 - Updated python3 packages fix security vulnerabilities
Publication date: 09 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13836, CVE-2025-13837, CVE-2025-12084
Description
Excessive read buffering DoS in http.client. (CVE-2025-13836)
Out-of-memory when loading Plist. (CVE-2025-13837)
Quadratic complexity in node ID cache clearing. (CVE-2025-12084)
References
- https://bugs.mageia.org/show_bug.cgi?id=34808
- https://www.openwall.com/lists/oss-security/2025/12/05/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13836
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13837
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12084
- python3-3.10.18-1.5.mga9
Categories: Security Updates
MGASA-2025-0323 - Updated libpng packages fix security vulnerability
Publication date: 08 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-66293
Description
LIBPNG has an out-of-bounds read in png_image_read_composite. (CVE-2025-66293)
References
- https://bugs.mageia.org/show_bug.cgi?id=34799
- https://www.openwall.com/lists/oss-security/2025/12/03/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293
- libpng-1.6.38-1.2.mga9
Categories: Security Updates
MGASA-2025-0322 - Updated apache packages fix security vulnerabilities
Publication date: 08 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-55753, CVE-2025-58098, CVE-2025-65082, CVE-2025-66200
Description
Apache HTTP Server: mod_md (ACME), unintended retry intervals. (CVE-2025-55753)
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. (CVE-2025-58098)
Apache HTTP Server: CGI environment variable override. (CVE-2025-65082)
Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo. (CVE-2025-66200)
References
- https://bugs.mageia.org/show_bug.cgi?id=34803
- https://www.openwall.com/lists/oss-security/2025/12/04/4
- https://www.openwall.com/lists/oss-security/2025/12/04/5
- https://www.openwall.com/lists/oss-security/2025/12/04/7
- https://www.openwall.com/lists/oss-security/2025/12/04/8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200
- apache-2.4.66-1.mga9
Categories: Security Updates
MGASA-2025-0321 - Updated xkbcomp packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863
Description
Endless recursion in xkbcomp/expr.c resulting in a crash. (CVE-2018-15853)
NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash. (CVE-2018-15859)
NULL pointer dereference in ExprResolveLhs resulting in a crash. (CVE-2018-15861)
NULL pointer dereference in ResolveStateAndPredicate resulting in a crash. (CVE-2018-15863)
References
- https://bugs.mageia.org/show_bug.cgi?id=34796
- https://www.openwall.com/lists/oss-security/2025/12/03/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
- xkbcomp-1.4.6-1.1.mga9
Categories: Security Updates
MGASA-2025-0320 - Updated python-django packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13372, CVE-2025-64460
Description
Potential SQL injection in FilteredRelation column aliases on PostgreSQL. (CVE-2025-13372)
Potential denial-of-service vulnerability in XML serializer text extraction. (CVE-2025-64460)
References
- https://bugs.mageia.org/show_bug.cgi?id=34795
- https://www.openwall.com/lists/oss-security/2025/12/02/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13372
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64460
- python-django-4.1.13-1.9.mga9
Categories: Security Updates
MGASA-2025-0319 - Updated webkit2 packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421
Description
The updated packages fix security vulnerabilities: CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43421.
References
- https://bugs.mageia.org/show_bug.cgi?id=34792
- https://webkitgtk.org/security/WSA-2025-0008.html
- https://webkitgtk.org/2025/11/19/webkitgtk2.50.2-released.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43392
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43425
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43432
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43440
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43443
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43421
- webkit2-2.50.2-1.mga9
Categories: Security Updates
MGASA-2025-0318 - Updated unbound packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411
Description
Possible domain hijacking via promiscuous records in the authority section. (CVE-2025-11411)
Previous fixes for CVE-2025-11411 released with Unbound 1.24.1 were not complete.
References
- https://bugs.mageia.org/show_bug.cgi?id=34785
- https://advisories.mageia.org/MGASA-2025-0273.html
- https://www.openwall.com/lists/oss-security/2025/11/26/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411
- unbound-1.24.2-1.mga9
Categories: Security Updates
MGASA-2025-0317 - Updated gnutls packages fix security vulnerability
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9820
Description
Stack write buffer overflow. (CVE-2025-9820)
References
- https://bugs.mageia.org/show_bug.cgi?id=34760
- https://www.openwall.com/lists/oss-security/2025/11/20/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820
- gnutls-3.8.4-1.3.mga9
Categories: Security Updates
MGASA-2025-0316 - Updated libraw, digikam & darktable packages fix security vulnerabilities
Publication date: 04 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964
Description
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. (CVE-2025-43961)
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. (CVE-2025-43962)
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. (CVE-2025-43963)
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. (CVE-2025-43964)
References
- https://bugs.mageia.org/show_bug.cgi?id=34221
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDAIVZ4BSSDOYXE25CJ6Z7KXPOF4A6GL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMNI4GAUYVWHWJ2MPCIEMWUBTIM32E2H/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3I3BWKSTHKFJDS7ZRYZSMCPXZLSPJKIW/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43964
- libraw-0.20.2-5.1.mga9
- digikam-8.4.0-1.1.mga9
- darktable-4.6.1-1.2.mga9
Categories: Security Updates
MGASA-2025-0315 - Updated cups packages fix security vulnerabilities
Publication date: 03 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-58436, CVE-2025-61915
Description
The updated packages fix security vulnerabilities and a regression with GTK+ apps caused by the fix for CVE-2025-58436:
OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack. (CVE-2025-58436)
OpenPrinting CUPS vulnerable to stack based out-of-bound write. (CVE-2025-61915)
References
- https://bugs.mageia.org/show_bug.cgi?id=34786
- https://www.openwall.com/lists/oss-security/2025/11/27/4
- https://www.openwall.com/lists/oss-security/2025/11/27/5
- https://github.com/OpenPrinting/cups/issues/1429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915
- cups-2.4.6-1.5.mga9
Categories: Security Updates
MGASA-2025-0314 - Updated libpng packages fix security vulnerabilities
Publication date: 01 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018
Description
LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index. (CVE-2025-64505)
LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images. (CVE-2025-64506)
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. (CVE-2025-64720)
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. (CVE-2025-65018)
References
- https://bugs.mageia.org/show_bug.cgi?id=34766
- https://www.openwall.com/lists/oss-security/2025/11/22/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018
- libpng-1.6.38-1.1.mga9
Categories: Security Updates




