Mageia Security

Publication date: 31 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46561 , CVE-2025-46562 , CVE-2025-46563 , CVE-2025-46564 Description Limited unauthenticated file read in /flag. (CVE-2025-46561) New version check over unencrypted channel. (CVE-2025-46562) SSRF with information leak and limited unauthenticated file write. (CVE-2025-46563) Unauthenticated file read in /js may lead to RCE. (CVE-2025-46564) Mageia internal bug: deluge-daemon.service was not working; the update fixes this issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34274
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46561
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46562
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46563
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46564

SRPMS 9/core

• deluge-2.2.0-1.5.mga9

Publication date: 31 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4373 Description Buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar. (CVE-2025-4373) References

• https://bugs.mageia.org/show_bug.cgi?id=34310
• https://ubuntu.com/security/notices/USN-7532-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4373

SRPMS 9/core

• glib2.0-2.76.3-1.4.mga9

Publication date: 31 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5278 Description Heap buffer under-read in gnu coreutils sort via key specification. (CVE-2025-5278) References

• https://bugs.mageia.org/show_bug.cgi?id=34313
• https://www.openwall.com/lists/oss-security/2025/05/27/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278

SRPMS 9/core

• coreutils-9.1-1.1.mga9

Publication date: 31 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21605 Description Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client. (CVE-2025-21605) References

• https://bugs.mageia.org/show_bug.cgi?id=34243
• https://lists.suse.com/pipermail/sle-updates/2025-April/039118.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21605

SRPMS 9/core

• redis-7.0.14-1.3.mga9

Publication date: 28 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48708 Description gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708) References

• https://bugs.mageia.org/show_bug.cgi?id=34307
• https://www.openwall.com/lists/oss-security/2025/05/23/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48708

SRPMS 9/core

• ghostscript-10.05.1-1.mga9

Publication date: 28 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-26540 Description A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg::_load_analyze. (CVE-2024-26540) References

• https://bugs.mageia.org/show_bug.cgi?id=34214
• https://ubuntu.com/security/notices/USN-7437-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26540

SRPMS 9/core

• cimg-3.2.5-1.1.mga9

Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3875 , CVE-2025-3877 , CVE-2025-3909 , CVE-2025-3932 , CVE-2025-4918 , CVE-2025-4919 Description Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments Bypassed Remote Content Blocking. (CVE-2025-3932) Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References

• https://bugs.mageia.org/show_bug.cgi?id=34288
• https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/
• https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3877
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919

SRPMS 9/core

• thunderbird-128.10.2-1.mga9
• thunderbird-l10n-128.10.2-1.mga9

Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29088 Description In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. (CVE-2025-29088) References

• https://bugs.mageia.org/show_bug.cgi?id=34217
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DUNGXGTRJGRYS2XF6QS2CZPSWAF5HHVJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29088

SRPMS 9/core

• sqlite3-3.40.1-1.2.mga9

Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22247 Description VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247) References

• https://bugs.mageia.org/show_bug.cgi?id=34271
• https://www.openwall.com/lists/oss-security/2025/05/12/2
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDQBVVMNJB6EXDLSUNBCHZTNRBLXJEFU/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247

SRPMS 9/core

• open-vm-tools-12.3.5-2.1.mga9

Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4918 , CVE-2025-4919 Description Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References

• https://bugs.mageia.org/show_bug.cgi?id=34287
• https://www.mozilla.org/en-US/firefox/128.10.1/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_111.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919

SRPMS 9/core

• rootcerts-20250424.00-1.mga9
• nss-3.111.0-1.mga9
• firefox-128.10.1-2.mga9
• firefox-l10n-128.10.1-1.mga9

Publication date: 26 May 2025
Type: bugfix
Affected Mageia releases : 9
Description aegisub crashes when run in a Wayland session. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33330
• https://github.com/TypesettingTools/Aegisub/issues/233

SRPMS 9/core

• aegisub-3.4.2-1.mga9

Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References

• https://bugs.mageia.org/show_bug.cgi?id=34286
• https://www.openwall.com/lists/oss-security/2025/05/16/7
• https://www.openwall.com/lists/oss-security/2025/05/17/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802

SRPMS 9/core

• glibc-2.36-56.mga9

Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47268 Description ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. (CVE-2025-47268 References

• https://bugs.mageia.org/show_bug.cgi?id=34297
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LHFUD3TRXO7AHOVSFWLKP2MKB77PEQBK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47268

SRPMS 9/core

• iputils-20221126-1.1.mga9

Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4638 Description Improper Pointer Arithmetic in pcl. (CVE-2025-4638) References

• https://bugs.mageia.org/show_bug.cgi?id=34301
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPTP7IW7Z54KXHWHH6JSVJ75RDCVQ4Z7/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4638

SRPMS 9/core

• zsync-0.6.2-11.1.mga9

Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167 Description Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string. (CVE-2025-23165) Improper error handling in async cryptographic operations crashes process. (CVE-2025-23166) Improper HTTP header block termination in llhttp. (CVE-2025-23167) References

• https://bugs.mageia.org/show_bug.cgi?id=34278
• https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23165
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23166
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23167

SRPMS 9/core

• nodejs-22.16.0-1.mga9

Publication date: 23 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-28956 , CVE-2025-20103 , CVE-2025-20054 , CVE-2024-43420 , CVE-2025-20623 , CVE-2024-45332 , CVE-2025-24495 , CVE-2025-20012 Description Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-28956) Insufficient resource pool in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20103) Uncaught exception in the core management mechanism for some Intel® Processors may allow an authenticated user to potentially enable denial of service via local access. (CVE-2025-20054) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-43420) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-20623) Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2024-45332) Incorrect initialization of resource in the branch prediction unit for some Intel® Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2025-24495) Incorrect behavior order for some Intel® Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. (CVE-2025-20012) References

• https://bugs.mageia.org/show_bug.cgi?id=34279
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20103
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20054
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43420
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20623
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45332
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24495
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20012

SRPMS 9/nonfree

• microcode-0.20250512-1.mga9.nonfree

Publication date: 23 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4096 , CVE-2025-4050 , CVE-2025-4051 , CVE-2025-4052 , CVE-2025-4372 , CVE-2025-4664 , CVE-2025-4609 Description Heap buffer overflow in HTML. (CVE-2025-4096) Out of bounds memory access in DevTools. (CVE-2025-4050) Insufficient data validation in DevTools. (CVE-2025-4051) Inappropriate implementation in DevTools. (CVE-2025-4052) Use after free in WebAudio. (CVE-2025-4372) Insufficient policy enforcement in Loader. (CVE-2025-4664) Incorrect handle provided in unspecified circumstances in Mojo. (CVE-2025-4609) References

• https://bugs.mageia.org/show_bug.cgi?id=34235
• https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html
• https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html
• https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4096
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4050
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4051
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4052
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4372
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4664
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4609

SRPMS 9/tainted

• chromium-browser-stable-136.0.7103.113-1.mga9.tainted

Publication date: 23 May 2025
Type: bugfix
Affected Mageia releases : 9
Description A missing runtime requirement meant that elisa couldn't play web radio stations. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34281

SRPMS 9/core

• elisa-23.04.3-1.1.mga9

Publication date: 23 May 2025
Type: bugfix
Affected Mageia releases : 9
Description In SkinDeep, GL_LINES causes GL_INVALID_OPERATION with radeonsi and llvmpipe radv: UB and artifacts when copying a `COMBINED_IMAGE_SAMPLER` with an immutable sampler RADV: Dynamic state multiple viewport corruption [drm:amdgpu_uvd_cs_pass2 [amdgpu]] *ERROR* )Handle 0x48780001 already in use! glGetInternalformativ returns incorrect information for GL_STENCIL_INDEX8 RadeonSI: Psychonauts rendering regression since !29895 [r600g] Rejected CS when using dolphin’s GPU texture decoder radeonsi: Assertion `src_bit_size == bit_size’ failed. when running without MESA_GLSL_DISABLE_IO_OPT=1 radeonsi vdpau + Packed YUY2 = assert Indiana Jones and The Great Circle, Graphical corruption on 9070 XT. glPushAttrib/glPopAttrib broken with glColorMaterial and ligthing radv: Flickering in Kingdom Come: Deliverance II RADV regression causes severe glitches in Hunt Showdown 1896 on Polaris Z-Fighting in Tomb Raider IV - VI Remastered Linux RADV:RX 9070:Mesa-25.0.5 GTA 5 Enhanced GPU HANG [anv] VK_ERROR_DEVICE_LOST on Linux 6.13.8 while playing Dota 2 on Intel Graphics References

• https://bugs.mageia.org/show_bug.cgi?id=34282
• https://docs.mesa3d.org/relnotes/25.0.6.html

SRPMS 9/core

• mesa-25.0.6-2.mga9

9/tainted

• mesa-25.0.6-2.mga9.tainted

Publication date: 23 May 2025
Type: bugfix
Affected Mageia releases : 9
Description The developer has fixed many bugs since our current release. This update provides the latest commit. References

• https://bugs.mageia.org/show_bug.cgi?id=34289
• https://github.com/EionRobb/purple-discord/

SRPMS 9/core

• purple-discord-0-1.20250517git99a5f5f.mga9