Mageia Security
MGASA-2026-0155 - Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33999 , CVE-2026-34000 , CVE-2026-34001 , CVE-2026-34002 , CVE-2026-34003 Description XKB Integer Underflow in XkbSetCompatMap(). (CVE-2026-33999) XKB Out-of-bounds Read in CheckSetGeom(). (CVE-2026-34000) XSYNC Use-after-free in miSyncTriggerFence(). (CVE-2026-34001) XKB Out-of-bounds read in CheckModifierMap(). (CVE-2026-34002) XKB Buffer overflow in CheckKeyTypes(). (CVE-2026-34003) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33999 , CVE-2026-34000 , CVE-2026-34001 , CVE-2026-34002 , CVE-2026-34003 Description XKB Integer Underflow in XkbSetCompatMap(). (CVE-2026-33999) XKB Out-of-bounds Read in CheckSetGeom(). (CVE-2026-34000) XSYNC Use-after-free in miSyncTriggerFence(). (CVE-2026-34001) XKB Out-of-bounds read in CheckModifierMap(). (CVE-2026-34002) XKB Buffer overflow in CheckKeyTypes(). (CVE-2026-34003) References
- https://bugs.mageia.org/show_bug.cgi?id=35366
- https://www.openwall.com/lists/oss-security/2026/04/14/8
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGQLR43Z7T6IISLCOC2Q4WB3D4YWB4QS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RULWKTYNOMHH3NTJ36SDNJVWKXYJ4VVO/
- https://www.cve.org/CVERecord?id=CVE-2026-33999
- https://www.cve.org/CVERecord?id=CVE-2026-34000
- https://www.cve.org/CVERecord?id=CVE-2026-34001
- https://www.cve.org/CVERecord?id=CVE-2026-34002
- https://www.cve.org/CVERecord?id=CVE-2026-34003
- x11-server-21.1.8-7.10.mga9
- x11-server-xwayland-22.1.9-1.10.mga9
- tigervnc-1.13.1-2.11.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0154 - Updated perl-Imager packages fix security vulnerabilities
Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8669 Description Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. (CVE-2026-8669) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8669 Description Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. (CVE-2026-8669) References
- https://bugs.mageia.org/show_bug.cgi?id=35541
- https://www.openwall.com/lists/oss-security/2026/05/15/17
- https://www.cve.org/CVERecord?id=CVE-2026-8669
- perl-Imager-1.19.0-2.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0153 - Updated ffmpeg packages fix security vulnerabilities
Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-30997 , CVE-2026-40962 Description An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. (CVE-2026-40962) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-30997 , CVE-2026-40962 Description An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. (CVE-2026-40962) References
- https://bugs.mageia.org/show_bug.cgi?id=35546
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4TOCC22G6AHEU62PA7DQARAPJYTW6XSE/
- https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
- https://www.cve.org/CVERecord?id=CVE-2026-30997
- https://www.cve.org/CVERecord?id=CVE-2026-40962
- ffmpeg-5.1.9-1.mga9
- ffmpeg-5.1.9-1.mga9.tainted
Categorías: Actualizaciones de Seguridad
MGASA-2026-0152 - Updated bind packages fix security vulnerabilities
Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13878 , CVE-2026-1519 Description It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (CVE-2026-1519). References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13878 , CVE-2026-1519 Description It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (CVE-2026-1519). References
- https://bugs.mageia.org/show_bug.cgi?id=35283
- https://bugs.mageia.org/show_bug.cgi?id=35049
- https://www.openwall.com/lists/oss-security/2026/01/21/3
- https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries
- https://kb.isc.org/docs/cve-2026-1519
- https://www.cve.org/CVERecord?id=CVE-2025-13878
- https://www.cve.org/CVERecord?id=CVE-2026-1519
- bind-9.18.47-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0151 - Updated postgresql15 packages fix security vulnerabilities
Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6472 , CVE-2026-6473 , CVE-2026-6474 , CVE-2026-6475 , CVE-2026-6476 , CVE-2026-6477 , CVE-2026-6478 , CVE-2026-6479 , CVE-2026-6575 , CVE-2026-6637 , CVE-2026-6638 Description PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. (CVE-2026-6472) PostgreSQL server undersizes allocations, via integer wraparound. (CVE-2026-6473) PostgreSQL timeofday() can disclose portions of server memory. (CVE-2026-6474) PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice. (CVE-2026-6475) PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory. (CVE-2026-6477) PostgreSQL discloses MD5-hashed passwords via covert timing channel. (CVE-2026-6478) PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion. (CVE-2026-6479) PostgreSQL refint allows stack buffer overflow and SQL injection. (CVE-2026-6637) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6472 , CVE-2026-6473 , CVE-2026-6474 , CVE-2026-6475 , CVE-2026-6476 , CVE-2026-6477 , CVE-2026-6478 , CVE-2026-6479 , CVE-2026-6575 , CVE-2026-6637 , CVE-2026-6638 Description PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. (CVE-2026-6472) PostgreSQL server undersizes allocations, via integer wraparound. (CVE-2026-6473) PostgreSQL timeofday() can disclose portions of server memory. (CVE-2026-6474) PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice. (CVE-2026-6475) PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory. (CVE-2026-6477) PostgreSQL discloses MD5-hashed passwords via covert timing channel. (CVE-2026-6478) PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion. (CVE-2026-6479) PostgreSQL refint allows stack buffer overflow and SQL injection. (CVE-2026-6637) References
- https://bugs.mageia.org/show_bug.cgi?id=35534
- https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
- https://www.cve.org/CVERecord?id=CVE-2026-6472
- https://www.cve.org/CVERecord?id=CVE-2026-6473
- https://www.cve.org/CVERecord?id=CVE-2026-6474
- https://www.cve.org/CVERecord?id=CVE-2026-6475
- https://www.cve.org/CVERecord?id=CVE-2026-6476
- https://www.cve.org/CVERecord?id=CVE-2026-6477
- https://www.cve.org/CVERecord?id=CVE-2026-6478
- https://www.cve.org/CVERecord?id=CVE-2026-6479
- https://www.cve.org/CVERecord?id=CVE-2026-6575
- https://www.cve.org/CVERecord?id=CVE-2026-6637
- https://www.cve.org/CVERecord?id=CVE-2026-6638
- postgresql15-15.18-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0150 - Updated perl-libwww-perl & perl-HTTP-Message packages fix security vulnerabilities
Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8368 Description LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8368 Description LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects References
- https://bugs.mageia.org/show_bug.cgi?id=35524
- https://www.openwall.com/lists/oss-security/2026/05/12/7
- https://www.cve.org/CVERecord?id=CVE-2026-8368
- perl-libwww-perl-6.830.0-1.mga9
- perl-HTTP-Message-7.10.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0149 - Updated perl-WWW-Mechanize-Cached, perl-File-XDG & perl-Path-Tiny packages fix security vulnerabilities
Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8612 Description WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8612 Description WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. References
- https://bugs.mageia.org/show_bug.cgi?id=35533
- https://www.openwall.com/lists/oss-security/2026/05/15/1
- https://metacpan.org/release/OALDERS/WWW-Mechanize-Cached-2.00/changes
- https://www.cve.org/CVERecord?id=CVE-2026-8612
- perl-WWW-Mechanize-Cached-2.0.0-1.mga9
- perl-Path-Tiny-0.150.0-1.mga9
- perl-File-XDG-1.30.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0148 - Updated perl-YAML-Syck package fixes security vulnerability
Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5089 Description YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5089 Description YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. References
- https://bugs.mageia.org/show_bug.cgi?id=35525
- https://www.openwall.com/lists/oss-security/2026/05/12/16
- https://metacpan.org/release/TODDR/YAML-Syck-1.45/source/Changes
- https://www.cve.org/CVERecord?id=CVE-2026-5089
- perl-YAML-Syck-1.450.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0147 - Updated rclone packages fix security vulnerabilities
Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41179 , CVE-2026-41176 , CVE-2026-32282 , CVE-2026-32289 , CVE-2026-33810 , CVE-2026-27144 , CVE-2026-27143 , CVE-2026-32288 , CVE-2026-32283 , CVE-2026-27140 , CVE-2026-32280 , CVE-2026-32281 , CVE-2026-33186 , CVE-2026-27137 , CVE-2026-27138 , CVE-2026-25679 , CVE-2026-27142 , CVE-2026-1229 , CVE-2026-27141 , CVE-2025-68121 , CVE-2025-61729 , CVE-2025-58181 , CVE-2025-30204 , CVE-2025-22869 , CVE-2025-22870 , CVE-2024-45337 , CVE-2024-45338 , CVE-2024-52522 , CVE-2023-45288 , CVE-2024-35255 , CVE-2023-48795 Description This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41179 , CVE-2026-41176 , CVE-2026-32282 , CVE-2026-32289 , CVE-2026-33810 , CVE-2026-27144 , CVE-2026-27143 , CVE-2026-32288 , CVE-2026-32283 , CVE-2026-27140 , CVE-2026-32280 , CVE-2026-32281 , CVE-2026-33186 , CVE-2026-27137 , CVE-2026-27138 , CVE-2026-25679 , CVE-2026-27142 , CVE-2026-1229 , CVE-2026-27141 , CVE-2025-68121 , CVE-2025-61729 , CVE-2025-58181 , CVE-2025-30204 , CVE-2025-22869 , CVE-2025-22870 , CVE-2024-45337 , CVE-2024-45338 , CVE-2024-52522 , CVE-2023-45288 , CVE-2024-35255 , CVE-2023-48795 Description This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it. References
- https://bugs.mageia.org/show_bug.cgi?id=33808
- https://rclone.org/changelog/#v1-73-5-2026-04-19
- https://rclone.org/changelog/#v1-73-4-2026-04-08
- https://rclone.org/changelog/#v1-73-3-2026-03-23
- https://rclone.org/changelog/#v1-73-2-2026-03-06
- https://rclone.org/changelog/#v1-73-1-2026-02-17
- https://rclone.org/changelog/#v1-73-0-2026-01-30
- https://rclone.org/changelog/#v1-72-1-2025-12-10
- https://rclone.org/changelog/#v1-72-0-2025-11-21
- https://rclone.org/changelog/#v1-71-2-2025-10-20
- https://rclone.org/changelog/#v1-71-1-2025-09-24
- https://rclone.org/changelog/#v1-71-0-2025-08-22
- https://rclone.org/changelog/#v1-70-3-2025-07-09
- https://rclone.org/changelog/#v1-70-2-2025-06-27
- https://rclone.org/changelog/#v1-70-1-2025-06-19
- https://rclone.org/changelog/#v1-70-0-2025-06-17
- https://rclone.org/changelog/#v1-69-3-2025-05-21
- https://rclone.org/changelog/#v1-69-2-2025-05-01
- https://rclone.org/changelog/#v1-69-1-2025-02-14
- https://rclone.org/changelog/#v1-69-0-2025-01-12
- https://rclone.org/changelog/#v1-68-2-2024-11-15
- https://rclone.org/changelog/#v1-68-1-2024-09-24
- https://rclone.org/changelog/#v1-68-0-2024-09-08
- https://rclone.org/changelog/#v1-67-0-2024-06-14
- https://rclone.org/changelog/#v1-66-0-2024-03-10
- https://rclone.org/changelog/#v1-65-2-2024-01-24
- https://rclone.org/changelog/#v1-65-1-2024-01-08
- https://rclone.org/changelog/#v1-65-0-2023-11-26
- https://rclone.org/changelog/#v1-64-2-2023-10-19
- https://rclone.org/changelog/#v1-64-1-2023-10-17
- https://rclone.org/changelog/#v1-64-0-2023-09-11
- https://rclone.org/changelog/#v1-63-1-2023-07-17
- https://rclone.org/changelog/#v1-63-0-2023-06-30
- https://rclone.org/changelog/#v1-62-2-2023-03-16
- https://www.cve.org/CVERecord?id=CVE-2026-41179
- https://www.cve.org/CVERecord?id=CVE-2026-41176
- https://www.cve.org/CVERecord?id=CVE-2026-32282
- https://www.cve.org/CVERecord?id=CVE-2026-32289
- https://www.cve.org/CVERecord?id=CVE-2026-33810
- https://www.cve.org/CVERecord?id=CVE-2026-27144
- https://www.cve.org/CVERecord?id=CVE-2026-27143
- https://www.cve.org/CVERecord?id=CVE-2026-32288
- https://www.cve.org/CVERecord?id=CVE-2026-32283
- https://www.cve.org/CVERecord?id=CVE-2026-27140
- https://www.cve.org/CVERecord?id=CVE-2026-32280
- https://www.cve.org/CVERecord?id=CVE-2026-32281
- https://www.cve.org/CVERecord?id=CVE-2026-33186
- https://www.cve.org/CVERecord?id=CVE-2026-27137
- https://www.cve.org/CVERecord?id=CVE-2026-27138
- https://www.cve.org/CVERecord?id=CVE-2026-25679
- https://www.cve.org/CVERecord?id=CVE-2026-27142
- https://www.cve.org/CVERecord?id=CVE-2026-1229
- https://www.cve.org/CVERecord?id=CVE-2026-27141
- https://www.cve.org/CVERecord?id=CVE-2025-68121
- https://www.cve.org/CVERecord?id=CVE-2025-61729
- https://www.cve.org/CVERecord?id=CVE-2025-58181
- https://www.cve.org/CVERecord?id=CVE-2025-30204
- https://www.cve.org/CVERecord?id=CVE-2025-22869
- https://www.cve.org/CVERecord?id=CVE-2025-22870
- https://www.cve.org/CVERecord?id=CVE-2024-45337
- https://www.cve.org/CVERecord?id=CVE-2024-45338
- https://www.cve.org/CVERecord?id=CVE-2024-52522
- https://www.cve.org/CVERecord?id=CVE-2023-45288
- https://www.cve.org/CVERecord?id=CVE-2024-35255
- https://www.cve.org/CVERecord?id=CVE-2023-48795
- rclone-1.73.5-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0146 - Updated haproxy packages fix security vulnerability
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33555 Description The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. (CVE-2026-33555) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33555 Description The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. (CVE-2026-33555) References
- https://bugs.mageia.org/show_bug.cgi?id=35416
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/B3PXHUYDTDFG5IIQSPNJLLIEQV4Z5WK6/
- https://www.cve.org/CVERecord?id=CVE-2026-33555
- haproxy-2.8.18-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0145 - Updated firefox & thunderbird packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62813 , CVE-2026-32776 , CVE-2026-32777 , CVE-2026-32778 , CVE-2026-8090 , CVE-2026-8092 , CVE-2026-8094 Description LZ4 compression library issue. (CVE-2025-62813) libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778) Use-after-free in the DOM: Networking component. (CVE-2026-8090) Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092) Another issue in the WebRTC component. (CVE-2026-8094) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62813 , CVE-2026-32776 , CVE-2026-32777 , CVE-2026-32778 , CVE-2026-8090 , CVE-2026-8092 , CVE-2026-8094 Description LZ4 compression library issue. (CVE-2025-62813) libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. (CVE-2026-32778) Use-after-free in the DOM: Networking component. (CVE-2026-8090) Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2, Firefox 150.0.2, Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. (CVE-2026-8092) Another issue in the WebRTC component. (CVE-2026-8094) References
- https://bugs.mageia.org/show_bug.cgi?id=35508
- https://www.firefox.com/en-US/firefox/140.10.2/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/140.10.2esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/
- https://www.cve.org/CVERecord?id=CVE-2025-62813
- https://www.cve.org/CVERecord?id=CVE-2026-32776
- https://www.cve.org/CVERecord?id=CVE-2026-32777
- https://www.cve.org/CVERecord?id=CVE-2026-32778
- https://www.cve.org/CVERecord?id=CVE-2026-8090
- https://www.cve.org/CVERecord?id=CVE-2026-8092
- https://www.cve.org/CVERecord?id=CVE-2026-8094
- firefox-140.10.2-1.mga9
- firefox-l10n-140.10.2-1.mga9
- thunderbird-140.10.2-1.mga9
- thunderbird-l10n-140.10.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0144 - Updated dpkg packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2219 Description It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2219 Description It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU). References
- https://bugs.mageia.org/show_bug.cgi?id=35489
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3QFBK2ZJ4T5BTAWBSDBQLVRZQKJEAJEX/
- https://www.cve.org/CVERecord?id=CVE-2026-2219
- dpkg-1.22.22-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0143 - Updated golang packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27142 , CVE-2026-25679 , CVE-2026-27139 , CVE-2026-27140 , CVE-2026-27143 , CVE-2026-27144 , CVE-2026-32280 , CVE-2026-32281 , CVE-2026-32282 , CVE-2026-32283 , CVE-2026-32288 , CVE-2026-32289 Description We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27142 , CVE-2026-25679 , CVE-2026-27139 , CVE-2026-27140 , CVE-2026-27143 , CVE-2026-27144 , CVE-2026-32280 , CVE-2026-32281 , CVE-2026-32282 , CVE-2026-32283 , CVE-2026-32288 , CVE-2026-32289 Description We are moving to a supported branch as ver. 1.24 reaches EOL. This update comes with the security vulnerabilities fixed in the 1.25 branch. Please see the links for details. References
- https://bugs.mageia.org/show_bug.cgi?id=35181
- https://www.openwall.com/lists/oss-security/2026/05/08/20
- https://www.cve.org/CVERecord?id=CVE-2026-27142
- https://www.cve.org/CVERecord?id=CVE-2026-25679
- https://www.cve.org/CVERecord?id=CVE-2026-27139
- https://www.cve.org/CVERecord?id=CVE-2026-27140
- https://www.cve.org/CVERecord?id=CVE-2026-27143
- https://www.cve.org/CVERecord?id=CVE-2026-27144
- https://www.cve.org/CVERecord?id=CVE-2026-32280
- https://www.cve.org/CVERecord?id=CVE-2026-32281
- https://www.cve.org/CVERecord?id=CVE-2026-32282
- https://www.cve.org/CVERecord?id=CVE-2026-32283
- https://www.cve.org/CVERecord?id=CVE-2026-32288
- https://www.cve.org/CVERecord?id=CVE-2026-32289
- golang-1.25.10-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0142 - Updated samba packages fix security vulnerabilities
Publication date: 16 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-14628 , CVE-2025-10230 , CVE-2025-9640 Description An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628) Command injection in wins server hook script. (CVE-2025-10230) vfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2018-14628 , CVE-2025-10230 , CVE-2025-9640 Description An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. (CVE-2018-14628) Command injection in wins server hook script. (CVE-2025-10230) vfs_streams_xattr uninitialized memory write possible. (CVE-2025-9640) References
- https://bugs.mageia.org/show_bug.cgi?id=34672
- https://www.openwall.com/lists/oss-security/2025/10/15/2
- https://www.cve.org/CVERecord?id=CVE-2018-14628
- https://www.cve.org/CVERecord?id=CVE-2025-10230
- https://www.cve.org/CVERecord?id=CVE-2025-9640
- samba-4.17.12-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0141 - Updated libreoffice packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-4430 Description Heap Buffer Overflow in AgileEngine. (CVE-2026-4430) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-4430 Description Heap Buffer Overflow in AgileEngine. (CVE-2026-4430) References
- https://bugs.mageia.org/show_bug.cgi?id=35496
- https://lists.debian.org/debian-security-announce/2026/msg00162.html
- https://www.libreoffice.org/security/#cve-2026-4430
- https://www.cve.org/CVERecord?id=CVE-2026-4430
- libreoffice-24.2.7.2-1.4.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0140 - Updated perl-HTTP-Tiny packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-7010 Description HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. (CVE-2026-7010) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-7010 Description HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. (CVE-2026-7010) References
- https://bugs.mageia.org/show_bug.cgi?id=35521
- https://www.openwall.com/lists/oss-security/2026/05/11/17
- https://metacpan.org/release/HAARG/HTTP-Tiny-0.093-TRIAL/changes
- https://www.cve.org/CVERecord?id=CVE-2026-7010
- perl-HTTP-Tiny-0.82.0-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0139 - Updated tomcat packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41284 , CVE-2026-41293 , CVE-2026-42498 , CVE-2026-43512 , CVE-2026-43513 , CVE-2026-43514 , CVE-2026-43515 Description Unbounded read in WebDAV LOCK and PROPFIND handling. (CVE-2026-41284) HTTP/2 request headers not validated. (CVE-2026-41293) WebSocket authentication header exposure. (CVE-2026-42498) Digest authenticator will authenticate any unknown user. (CVE-2026-43512) LockOutRealm treats user names as case-sensitive. (CVE-2026-43513) AJP secret compared in non-constant time. (CVE-2026-43514) Security constraints not correctly applied. (CVE-2026-43515) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41284 , CVE-2026-41293 , CVE-2026-42498 , CVE-2026-43512 , CVE-2026-43513 , CVE-2026-43514 , CVE-2026-43515 Description Unbounded read in WebDAV LOCK and PROPFIND handling. (CVE-2026-41284) HTTP/2 request headers not validated. (CVE-2026-41293) WebSocket authentication header exposure. (CVE-2026-42498) Digest authenticator will authenticate any unknown user. (CVE-2026-43512) LockOutRealm treats user names as case-sensitive. (CVE-2026-43513) AJP secret compared in non-constant time. (CVE-2026-43514) Security constraints not correctly applied. (CVE-2026-43515) References
- https://bugs.mageia.org/show_bug.cgi?id=35523
- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.118
- https://www.openwall.com/lists/oss-security/2026/05/12/8
- https://www.openwall.com/lists/oss-security/2026/05/12/9
- https://www.openwall.com/lists/oss-security/2026/05/12/10
- https://www.openwall.com/lists/oss-security/2026/05/12/11
- https://www.openwall.com/lists/oss-security/2026/05/12/12
- https://www.openwall.com/lists/oss-security/2026/05/12/13
- https://www.openwall.com/lists/oss-security/2026/05/12/14
- https://www.cve.org/CVERecord?id=CVE-2026-41284
- https://www.cve.org/CVERecord?id=CVE-2026-41293
- https://www.cve.org/CVERecord?id=CVE-2026-42498
- https://www.cve.org/CVERecord?id=CVE-2026-43512
- https://www.cve.org/CVERecord?id=CVE-2026-43513
- https://www.cve.org/CVERecord?id=CVE-2026-43514
- https://www.cve.org/CVERecord?id=CVE-2026-43515
- tomcat-9.0.118-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0138 - Updated awstats packages fix security vulnerability
Publication date: 15 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-63261 Description AWStats is vulnerable to Command Injection via the open function. (CVE-2025-63261) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-63261 Description AWStats is vulnerable to Command Injection via the open function. (CVE-2025-63261) References
- https://bugs.mageia.org/show_bug.cgi?id=35407
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP4DGW2LGHINXKYPZWR2WJ5DMROGGO66/
- https://www.cve.org/CVERecord?id=CVE-2025-63261
- awstats-7.9-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0137 - Updated perl-XML-LibXML packages fix security vulnerability
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8177 Description XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. (CVE-2026-8177) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8177 Description XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. (CVE-2026-8177) References
- https://bugs.mageia.org/show_bug.cgi?id=35507
- https://www.openwall.com/lists/oss-security/2026/05/10/8
- https://github.com/cpan-authors/XML-LibXML/issues/146
- https://www.cve.org/CVERecord?id=CVE-2026-8177
- perl-XML-LibXML-2.20.800-3.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2026-0136 - Updated perl-Net-CIDR-Lite packages fix security vulnerabilities
Publication date: 14 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-45190 , CVE-2026-45191 Description Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. (CVE-2026-45190) Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. (CVE-2026-45191) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-45190 , CVE-2026-45191 Description Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. (CVE-2026-45190) Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. (CVE-2026-45191) References
- https://bugs.mageia.org/show_bug.cgi?id=35506
- https://www.openwall.com/lists/oss-security/2026/05/10/6
- https://www.openwall.com/lists/oss-security/2026/05/10/7
- https://www.cve.org/CVERecord?id=CVE-2026-45190
- https://www.cve.org/CVERecord?id=CVE-2026-45191
- perl-Net-CIDR-Lite-0.240.0-1.mga9
Categorías: Actualizaciones de Seguridad
