Mageia Security
MGAA-2024-0231 - Updated nvidia-current packages fix bug
Publication date: 16 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description Fixed a bug which could cause applications using GBM to crash when running with nvidia-drm.modeset=0 References SRPMS 9/nonfree
Type: bugfix
Affected Mageia releases : 9
Description Fixed a bug which could cause applications using GBM to crash when running with nvidia-drm.modeset=0 References SRPMS 9/nonfree
- nvidia-current-550.127.05-1.mga9.nonfree
Categorías: Actualizaciones de Seguridad
MGASA-2024-0364 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk packages fix security vulnerabilities
Publication date: 13 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-48161 , CVE-2024-21208 , CVE-2024-21210 , CVE-2024-21217 , CVE-2024-21235 Description giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. (CVE-2023-48161) Array indexing integer overflow. (CVE-2024-21210) HTTP client improper handling of maxHeaderSize. (CVE-2024-21208) Unbounded allocation leads to out-of-memory error. (CVE-2024-21217) Integer conversion error leads to incorrect range check. (CVE-2024-21235) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-48161 , CVE-2024-21208 , CVE-2024-21210 , CVE-2024-21217 , CVE-2024-21235 Description giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. (CVE-2023-48161) Array indexing integer overflow. (CVE-2024-21210) HTTP client improper handling of maxHeaderSize. (CVE-2024-21208) Unbounded allocation leads to out-of-memory error. (CVE-2024-21217) Integer conversion error leads to incorrect range check. (CVE-2024-21235) References
- https://bugs.mageia.org/show_bug.cgi?id=33648
- https://access.redhat.com/errata/RHSA-2024:8117
- https://access.redhat.com/errata/RHSA-2024:8121
- https://access.redhat.com/errata/RHSA-2024:8124
- https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48161
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235
- java-17-openjdk-17.0.13.0.11-1.mga9
- java-11-openjdk-11.0.25.0.9-1.mga9
- java-1.8.0-openjdk-1.8.0.432.b06-1.mga9
- java-latest-openjdk-23.0.1.0.11-2.rolling.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0363 - Updated libarchive packages fix security vulnerability
Publication date: 13 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20696 Description A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (CVE-2024-20696) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20696 Description A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (CVE-2024-20696) References
- https://bugs.mageia.org/show_bug.cgi?id=33757
- https://lists.debian.org/debian-security-announce/2024/msg00220.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696
- libarchive-3.6.2-5.3.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0230 - Updated opencpn packages fix bugs
Publication date: 13 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description opencpn-5.10.2, a maintenance release for opencpn, has been released correcting some problems concerning, among others, the display of grib files. References
Type: bugfix
Affected Mageia releases : 9
Description opencpn-5.10.2, a maintenance release for opencpn, has been released correcting some problems concerning, among others, the display of grib files. References
- https://bugs.mageia.org/show_bug.cgi?id=33740
- https://github.com/OpenCPN/OpenCPN/releases/tag/Release_5.10.2
- https://github.com/OpenCPN/OpenCPN/releases/tag/Release_5.10.0
- opencpn-5.10.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0229 - Updated inxi packages makes glxinfo an optional requirement
Publication date: 13 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description Installing inxi on a server installs a lot of Xorg related libraries due to the requirement of glxinfo, whereas this is optional. This update fixes this issue and also updates to the current version. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Installing inxi on a server installs a lot of Xorg related libraries due to the requirement of glxinfo, whereas this is optional. This update fixes this issue and also updates to the current version. References SRPMS 9/core
- inxi-3.3.36-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0362 - Updated expat packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50602 Description An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50602 Description An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602) References
- https://bugs.mageia.org/show_bug.cgi?id=33739
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.358428
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
- expat-2.6.4-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0361 - Updated php-tcpdf packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22641 Description TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. (CVE-2024-22641) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-22641 Description TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. (CVE-2024-22641) References
- https://bugs.mageia.org/show_bug.cgi?id=33731
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGK7LQSJONZPU3VOQTQ36UN6OAD6ZM4H/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22641
- php-tcpdf-6.5.0-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0360 - Updated curl packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9681 Description When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. This flaw also affects the curl command line tool. When triggered, this is a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected. This update fixes the issue so subdomains cannot affect the HSTS cache of a parent domain. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9681 Description When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. This flaw also affects the curl command line tool. When triggered, this is a potential minor DoS security problem when trying to use HTTPS when that no longer works or a cleartext transmission of data that was otherwise intended to possibly be protected. This update fixes the issue so subdomains cannot affect the HSTS cache of a parent domain. References
- https://bugs.mageia.org/show_bug.cgi?id=33730
- https://curl.se/docs/CVE-2024-9681.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681
- curl-7.88.1-4.4.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0359 - Updated qbittorrent packages fix security vulnerabilities
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
Description qBittorrent, on all platforms, did not verify any SSL certificates in its DownloadManager class from 2010 until October 2024. If it failed to verify a cert, it simply logged an error and proceeded. References
Type: security
Affected Mageia releases : 9
Description qBittorrent, on all platforms, did not verify any SSL certificates in its DownloadManager class from 2010 until October 2024. If it failed to verify a cert, it simply logged an error and proceeded. References
- https://bugs.mageia.org/show_bug.cgi?id=33712
- https://www.openwall.com/lists/oss-security/2024/10/30/4
- https://www.openwall.com/lists/oss-security/2024/10/31/3
- qbittorrent-4.6.7-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0358 - Updated mpg123 packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10573 Description An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector. (CVE-2024-10573) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10573 Description An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution may not be dismissed. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector. (CVE-2024-10573) References
- https://bugs.mageia.org/show_bug.cgi?id=33711
- https://www.openwall.com/lists/oss-security/2024/10/30/2
- https://www.openwall.com/lists/oss-security/2024/10/30/3
- https://www.openwall.com/lists/oss-security/2024/10/31/4
- https://www.openwall.com/lists/oss-security/2024/11/01/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10573
- mpg123-1.31.3-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0357 - Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9632 Description Due to an improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially-crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. (CVE-2024-9632) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9632 Description Due to an improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially-crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. (CVE-2024-9632) References
- https://bugs.mageia.org/show_bug.cgi?id=33710
- https://www.openwall.com/lists/oss-security/2024/10/29/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9632
- x11-server-21.1.8-7.6.mga9
- x11-server-xwayland-22.1.9-1.6.mga9
- tigervnc-1.13.1-2.6.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0356 - Updated networkmanager-libreswan packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9050 Description A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the "leftupdown" key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. (CVE-2024-9050) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9050 Description A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the "leftupdown" key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. (CVE-2024-9050) References
- https://bugs.mageia.org/show_bug.cgi?id=33709
- https://www.openwall.com/lists/oss-security/2024/10/25/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9050
- networkmanager-libreswan-1.2.24-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0355 - Updated openssl packages fix security vulnerability
Publication date: 12 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9143 Description Low-level invalid GF(2^m) parameters lead to OOB memory accesses. (CVE-2024-9143) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9143 Description Low-level invalid GF(2^m) parameters lead to OOB memory accesses. (CVE-2024-9143) References
- https://bugs.mageia.org/show_bug.cgi?id=33650
- https://openssl-library.org/news/secadv/20241016.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
- openssl-3.0.15-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0228 - Updated kde-pdf-servicemenu packages fix bug
Publication date: 12 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description The current version is not working; this update fixes the issue. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description The current version is not working; this update fixes the issue. References SRPMS 9/core
- kde-pdf-servicemenu-2.3-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2024-0227 - Updated mariadb packages fix many crashes
Publication date: 12 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description A new release of MariaDB fixes many crashes, e.g. in InnoDB, optimizer and galera. For details see the changelog. References
Type: bugfix
Affected Mageia releases : 9
Description A new release of MariaDB fixes many crashes, e.g. in InnoDB, optimizer and galera. For details see the changelog. References
- https://bugs.mageia.org/show_bug.cgi?id=33718
- https://mariadb.com/kb/en/mariadb-10-11-10-release-notes/
- mariadb-10.11.10-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0354 - Updated quictls packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9143 Description Invalid low-level GF(2^m) parameters can lead to an OOB memory access. (CVE-2024-9143) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9143 Description Invalid low-level GF(2^m) parameters can lead to an OOB memory access. (CVE-2024-9143) References
- https://bugs.mageia.org/show_bug.cgi?id=33736
- https://openssl-library.org/news/secadv/20241016.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
- quictls-3.0.15-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0353 - Updated htmldoc packages fix security vulnerabilities
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45508 , CVE-2024-46478 Description HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. (CVE-2024-45508) HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. (CVE-2024-46478) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45508 , CVE-2024-46478 Description HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. (CVE-2024-45508) HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. (CVE-2024-46478) References
- https://bugs.mageia.org/show_bug.cgi?id=33737
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RNU4P4P7ZCF5TYOAPMGGBX2KSE6IHZFT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45508
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46478
- htmldoc-1.9.15-3.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0352 - Updated libheif packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-41311 Description In Libheif, insufficient checks in ImageOverlay::parse() while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. (CVE-2024-41311) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-41311 Description In Libheif, insufficient checks in ImageOverlay::parse() while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. (CVE-2024-41311) References
- https://bugs.mageia.org/show_bug.cgi?id=33662
- https://ubuntu.com/security/notices/USN-7082-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41311
- libheif-1.16.2-1.2.mga9.tainted
- libheif-1.16.2-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0351 - Updated python-werkzeug packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-49767 Description Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parsing `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-49767 Description Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parsing `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue. References
- https://bugs.mageia.org/show_bug.cgi?id=33732
- https://ubuntu.com/security/notices/USN-7093-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49767
- python-werkzeug-3.0.6-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2024-0350 - Updated thunderbird packages fix security vulnerabilities
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458 , CVE-2024-10459 , CVE-2024-10460 , CVE-2024-10461 , CVE-2024-10462 , CVE-2024-10463 , CVE-2024-10464 , CVE-2024-10465 , CVE-2024-10466 , CVE-2024-10467 Description Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461) Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462) Cross origin video frame leak. (CVE-2024-10463) History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464) Clipboard "paste" button persisted across tabs. (CVE-2024-10465) DOM push subscription message could hang Firefox. (CVE-2024-10466) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458 , CVE-2024-10459 , CVE-2024-10460 , CVE-2024-10461 , CVE-2024-10462 , CVE-2024-10463 , CVE-2024-10464 , CVE-2024-10465 , CVE-2024-10466 , CVE-2024-10467 Description Permission leak via embed or object elements. (CVE-2024-10458) Use-after-free in layout with accessibility. (CVE-2024-10459) Confusing display of origin for external protocol handler prompt. (CVE-2024-10460) XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461) Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462) Cross origin video frame leak. (CVE-2024-10463) History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464) Clipboard "paste" button persisted across tabs. (CVE-2024-10465) DOM push subscription message could hang Firefox. (CVE-2024-10466) Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467) References
- https://bugs.mageia.org/show_bug.cgi?id=33714
- https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467
- thunderbird-128.4.0-1.mga9
- thunderbird-l10n-128.4.0-1.mga9
Categorías: Actualizaciones de Seguridad
