Mageia Security

Feed
Mageia Advisories
Updated: 1 hour 39 minutes ago

MGAA-2025-0042 - Updated mesa, wayland, wayland-protocols, libdrm, weston, mutter, kwayland, kwayland-integration, egl-wayland, mesa-demos, kwin, xdg-desktop-portal-gtk & xdg-desktop-portal-kde packages fix bugs

28 April, 2025 - 23:04
Publication date: 28 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: Upstream fixed many bugs and made improvements since our current version. Please see the links for details.
References
SRPMS
9/core
  • libdrm-2.4.124-1.mga9
  • wayland-1.23.1-1.mga9
  • wayland-protocols-1.43-1.mga9
  • mesa-25.0.4-1.mga9
  • weston-11.0.1-1.1.mga9
  • mutter-44.2-1.1.mga9
  • kwayland-integration-5.27.10-1.1.mga9
  • egl-wayland-1.1.11-1.1.mga9
  • mesa-demos-8.5.0-3.1.mga9
  • kwayland-5.114.0-1.1.mga9
  • kwin-5.27.10-1.1.mga9
  • xdg-desktop-portal-gtk-1.15.3-1.mga9
  • xdg-desktop-portal-kde-5.27.10-1.1.mga9
  • layer-shell-qt-5.27.10-1.1.mga9
9/tainted
  • mesa-25.0.4-1.mga9.tainted

MGASA-2025-0139 - Updated libxml2 packages fix security vulnerabilities

25 April, 2025 - 18:34
Publication date: 25 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32414, CVE-2025-32415
Description:
[CVE-2025-32414] Buffer overflow when parsing text streams with Python API
[CVE-2025-32415] Heap-based Buffer Overflow in xmlSchemaIDCFillNodeTables
References
SRPMS
9/core
  • libxml2-2.10.4-1.7.mga9

MGASA-2025-0138 - Updated haproxy packages fix security vulnerability

25 April, 2025 - 18:34
Publication date: 25 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32464
Description:
BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
Aleandro Prudenzano of Doyensec and Edoardo Geraci of Codean Labs reported a bug in sample_conv_regsub(), which can cause replacements of multiple back-references to overflow the temporary trash buffer. The problem happens when doing "regsub(match,replacement,g)": we're replacing every occurrence of "match" with "replacement" in the input sample, which requires a length check. For this, a max is applied, so that a replacement may not use more than the remaining length in the buffer. However, the length check is made on the replaced pattern and not on the temporary buffer used to carry the new string. This results in the remaining size to be usable for each input match, which can go beyond the temporary buffer size if more than one occurrence has to be replaced with something that's larger than the remaining room.
References
SRPMS
9/core
  • haproxy-2.8.14-1.1.mga9

MGAA-2025-0041 - Updated opencpn-s63-plugin packages fix bug

19 April, 2025 - 18:25
Publication date: 19 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: OpenCPN needs some nonfree plugins to use and display paid nautical charts from countries that don't provide free charts. This new version 1.30.6.0 of opencpn-s63-plugin provides an updated nonfree binary necessary for aarch64.
References
SRPMS
9/nonfree
  • opencpn-s63-plugin-1.30.6.0-1.mga9.nonfree

MGAA-2025-0040 - Updated opencpn-weather-routing-plugin packages fix bug

19 April, 2025 - 18:25
Publication date: 19 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: opencpn-weather-routing-plugin has been improved for route drawing, with better polars and support for routing from the boat position. Some minor build problems have been corrected.
References
SRPMS
9/core
  • opencpn-weather-routing-plugin-1.15.21.25-1.mga9

MGASA-2025-0137 - Updated chromium-browser-stable packages fix security vulnerabilities

18 April, 2025 - 00:34
Publication date: 17 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074
Description:
Use after free in Site Isolation. (CVE-2025-3066)
Inappropriate implementation in Custom Tabs. (CVE-2025-3067)
Inappropriate implementation in Intents. (CVE-2025-3068)
Inappropriate implementation in Extensions. (CVE-2025-3069)
Insufficient validation of untrusted input in Extensions. (CVE-2025-3070)
Inappropriate implementation in Navigations. (CVE-2025-3071)
Inappropriate implementation in Custom Tabs. (CVE-2025-3072)
Inappropriate implementation in Autofill. (CVE-2025-3073)
Inappropriate implementation in Downloads. (CVE-2025-3074)
References
SRPMS
9/tainted
  • chromium-browser-stable-134.0.6998.165-1.mga9.tainted

MGASA-2025-0136 - Updated rust packages fix security vulnerability

17 April, 2025 - 18:37
Publication date: 17 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-24576
Description: The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected. We update to rust 1.78.0 for future mesa updates in Mageia 9.
References
SRPMS
9/core
  • rust-1.78.0-1.mga9

MGAA-2025-0039 - Updated mariadb packages fix bug

17 April, 2025 - 18:37
Publication date: 17 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: This update brings major improvements to the DB optimizer. This should speed up queries that use joins, including delete and update queries. Other components, such as JSON, InnoDB and ALTER TABLE statements, have also been improved. For details see the changelog.
References
SRPMS
9/core
  • mariadb-11.4.5-2.mga9

MGAA-2025-0038 - Updated cups-pdf packages fix bug

14 April, 2025 - 18:47
Publication date: 14 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: When printing to the cups-pdf printer the output is one blank pdf page. This update fixes the issue.
References
SRPMS
9/core
  • cups-pdf-3.0.2-1.mga9

MGASA-2025-0135 - Updated giflib packages fix security vulnerability

12 April, 2025 - 20:04
Publication date: 12 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-31344
Description: The giflib open-source component has a buffer overflow vulnerability. (CVE-2025-31344)
References
SRPMS
9/core
  • giflib-5.2.1-7.2.mga9

MGASA-2025-0134 - Updated poppler packages fix security vulnerabilities

12 April, 2025 - 05:23
Publication date: 12 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32364, CVE-2025-32365
Description:
A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. (CVE-2025-32364)
Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. (CVE-2025-32365)
References
SRPMS
9/core
  • poppler-23.02.0-1.5.mga9

MGASA-2025-0133 - Updated gnupg2 packages fix security vulnerability

12 April, 2025 - 05:23
Publication date: 12 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-30258
Description: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". (CVE-2025-30258)
References
SRPMS
9/core
  • gnupg2-2.3.8-1.3.mga9

MGASA-2025-0132 - Updated graphicsmagick packages fix security vulnerabilities

12 April, 2025 - 05:23
Publication date: 12 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-27795
Description: ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. (CVE-2025-27795)
References
SRPMS
9/core
  • graphicsmagick-1.3.40-1.1.mga9
9/tainted
  • graphicsmagick-1.3.40-1.1.mga9.tainted

MGAA-2025-0037 - Updated libreoffice packages fix bug

12 April, 2025 - 05:23
Publication date: 12 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: Writer crashes in some circumstances when trying to edit or insert a TOC. This update fixes the issue.
References
SRPMS
9/core
  • libreoffice-24.2.7.2-1.2.mga9

MGASA-2025-0131 - Updated xz packages fix security vulnerability

10 April, 2025 - 01:22
Publication date: 10 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-31115
Description: XZ has a heap-use-after-free bug in threaded .xz decoder. (CVE-2025-31115)
References
SRPMS
9/core
  • xz-5.4.3-1.1.mga9

MGASA-2025-0130 - Updated docker-containerd packages fix security vulnerability

10 April, 2025 - 01:22
Publication date: 10 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-40635
Description: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
References
SRPMS
9/core
  • docker-containerd-1.7.27-1.mga9

MGAA-2025-0036 - Updated qarte packages fix bug

10 April, 2025 - 01:22
Publication date: 10 Apr 2025
Type: bugfix
Affected Mageia releases: 9
Description: arte.tv has changed the URL of the videos and qarte is unable to retrieve the lists and the videos. Version 5.9.0 fixes the issue.
References
SRPMS
9/core
  • qarte-5.9.0-1.mga9

MGASA-2025-0128 - Updated augeas packages fix security vulnerability

5 April, 2025 - 19:46
Publication date: 05 Apr 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-2588
Description: Hercules Augeas fa.c re_case_expand null pointer dereference. (CVE-2025-2588)
References
SRPMS
9/core
  • augeas-1.12.0-4.1.mga9