Mageia Security

Publication date: 13 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40928 Description JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact. (CVE-2025-40928) References

• https://bugs.mageia.org/show_bug.cgi?id=34628
• https://www.openwall.com/lists/oss-security/2025/09/08/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40928

SRPMS 9/core

• perl-JSON-XS-4.30.0-5.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47287 Description Tornado vulnerable to excessive logging caused by malformed multipart form data. (CVE-2025-47287) References

• https://bugs.mageia.org/show_bug.cgi?id=34343
• https://ubuntu.com/security/notices/USN-7547-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47287

SRPMS 9/core

• python-tornado-6.3.2-1.2.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-50181 Description Urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation. (CVE-2025-50181) References

• https://bugs.mageia.org/show_bug.cgi?id=34401
• https://ubuntu.com/security/notices/USN-7599-1
• https://ubuntu.com/security/notices/USN-7599-2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50181

SRPMS 9/core

• python-urllib3-1.26.20-1.1.mga9
• python-pip-23.0.1-1.2.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0938 , CVE-2025-1795 , CVE-2024-9287 , CVE-2025-4516 , CVE-2024-12718 , CVE-2025-4138 , CVE-2025-4330 , CVE-2025-4435 , CVE-2025-4517 , CVE-2025-8194 Description URL parser allowed square brackets in domain names. (CVE-2025-0938) Mishandling of comma during folding and unicode-encoding of email headers. (CVE-2025-1795) Virtual environment (venv) activation scripts don't quote paths. (CVE-2024-9287) Use-after-free in "unicode_escape" decoder with error handler. (CVE-2025-4516) Bypass extraction filter to modify file metadata outside extraction directory. (CVE-2024-12718) Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory. (CVE-2025-4138) Extraction filter bypass for linking outside extraction directory. (CVE-2025-4330) Tarfile extracts filtered members when errorlevel=0. (CVE-2025-4435) Arbitrary writes via tarfile realpath overflow. (CVE-2025-4517) Tarfile infinite loop during parsing with negative member offset. (CVE-2025-8194) References

• https://bugs.mageia.org/show_bug.cgi?id=34285
• https://bugs.mageia.org/show_bug.cgi?id=34007
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FRAYUVWW2DYX7RTRPVFLFADRHABRVQN/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NNC4GZYGFZ76A7NUZ5BG2CMGVR32LXCG/
• https://ubuntu.com/security/notices/USN-7488-1
• https://www.openwall.com/lists/oss-security/2025/05/16/4
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUW6UXZQE7B4PPK3PK3NZAWP5PVOU5L3/
• https://www.openwall.com/lists/oss-security/2025/06/24/1
• https://www.openwall.com/lists/oss-security/2025/07/28/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0938
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1795
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12718
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4138
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4330
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4435
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4517
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8194

SRPMS 9/core

• python3-3.10.18-1.4.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1860 Description Data::Entropy for Perl uses insecure rand() function for cryptographic functions. (CVE-2025-1860) References

• https://bugs.mageia.org/show_bug.cgi?id=34212
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/77JMVPALVOSZWBL54FOO42D3RMLW2DLP/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1860

SRPMS 9/core

• perl-Data-Entropy-0.7.0-10.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2011-10007 Description File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name. (CVE-2011-10007) References

• https://bugs.mageia.org/show_bug.cgi?id=34352
• https://www.openwall.com/lists/oss-security/2025/06/05/4
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IU76LFGXLXKYPWUGOA3WJD5MKZXGVV6/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-10007

SRPMS 9/core

• perl-File-Find-Rule-0.340.0-5.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40907 Description FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. (CVE-2025-40907) References

• https://bugs.mageia.org/show_bug.cgi?id=34355
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVJG5HEXJS2X62ZHSO26DXTMOVBYTU4V/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40907

SRPMS 9/core

• perl-FCGI-0.820.0-3.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-31484 , CVE-2023-31486 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486) References

• https://bugs.mageia.org/show_bug.cgi?id=31852
• https://www.openwall.com/lists/oss-security/2023/04/29/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486

SRPMS 9/core

• perl-CPAN-2.340.0-1.1.mga9
• perl-HTTP-Tiny-0.82.0-1.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40908 Description YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. (CVE-2025-40908) References

• https://bugs.mageia.org/show_bug.cgi?id=34448
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKC72252CNE2PZENAI7UN24YB5X2Z5EK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40908

SRPMS 9/core

• perl-YAML-LibYAML-0.860.0-1.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-31484 , CVE-2024-56406 , CVE-2025-40909 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes. (CVE-2024-56406) Perl threads have a working directory race condition where file operations may target unintended paths. (CVE-2025-40909) References

• https://bugs.mageia.org/show_bug.cgi?id=34209
• https://bugs.mageia.org/show_bug.cgi?id=31852
• https://www.openwall.com/lists/oss-security/2023/04/29/1
• https://ubuntu.com/security/notices/USN-6112-1
• https://openwall.com/lists/oss-security/2025/04/13/3
• https://lists.debian.org/debian-security-announce/2025/msg00064.html
• https://ubuntu.com/security/notices/USN-7434-1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USJDDXS5I35D7CEPDILLJIEUAZOXW7YF/
• https://www.openwall.com/lists/oss-security/2025/05/22/2
• https://www.openwall.com/lists/oss-security/2025/05/23/1
• https://openwall.com/lists/oss-security/2025/05/30/4
• https://www.openwall.com/lists/oss-security/2025/06/02/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56406
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40909

SRPMS 9/core

• perl-5.36.0-1.2.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411 Description Several multi-vendor cache poisoning vulnerabilities have been discovered in caching resolvers for non-DNSSEC protected data. Unbound is vulnerable for some of these cases that could lead to domain hijacking (CVE-2025-11411). References

• https://bugs.mageia.org/show_bug.cgi?id=34700
• https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411

SRPMS 9/core

• unbound-1.24.1-1.mga9

Publication date: 12 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed an issue that caused the vfio-pci module to soft lockup after powering off a VM with passed-through NVIDIA GPUs. Fixed a recent regression which prevented HDMI FRL from working after hot unplugging and replugging a display. Fixed a bug that caused Rage2 to crash when loading the game menu: https://forums.developer.nvidia.com/t/rage-2-crashes-when-entering-the-m ap-seems-nvidia-specific-problem/169063 Fixed a bug that caused Metro Exodus EE to crash: https://forums.developer.nvidia.com/t/580-release-feedback-discussion/34 1205/53 Fixed a bug that allowed VRR to be enabled on some modes where it isn't actually possible, leading to a black screen. Fixed a bug that could cause some HDMI displays to remain blank after unplugging and re-plugging the display. Fixed an issue that would prevent large resolution or high References

• https://bugs.mageia.org/show_bug.cgi?id=34733
• https://www.nvidia.com/en-us/drivers/details/257493/

SRPMS 9/nonfree

• nvidia-current-580.105.08-1.mga9.nonfree

Publication date: 10 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-62291 Description Buffer Overflow When Handling EAP-MSCHAPv2 Failure Requests. (CVE-2025-62291) References

• https://bugs.mageia.org/show_bug.cgi?id=34705
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QVE27CU4U3DGHAD4EVF75YM3RK423ZQS/
• https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62291

SRPMS 9/core

• strongswan-5.9.14-1.1.mga9

Publication date: 10 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Simgear, flightgear and flightgear-data updated to bug fix release 2024.1.3 References

• https://bugs.mageia.org/show_bug.cgi?id=34725
• https://www.flightgear.org/download/releases/2024-1-3/

SRPMS 9/core

• flightgear-2024.1.3-2.mga9
• simgear-2024.1.3-1.mga9
• flightgear-data-2024.1.3-1.mga9

Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31133 , CVE-2025-52565 , CVE-2025-52881 Description The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt (CVE-2025-31133) and a flaw in /dev/console bind-mounts can lead to container escape (CVE-2025-52565). Also, arbitrary write gadgets and procfs write redirects could be used to engineer container escape and denial of service (CVE-2025-52881). References

• https://bugs.mageia.org/show_bug.cgi?id=34719
• https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
• https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
• https://www.openwall.com/lists/oss-security/2025/11/05/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881

SRPMS 9/core

• opencontainers-runc-1.2.8-2.1.mga9

Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-31143 , CVE-2024-31144 , CVE-2024-31145 , CVE-2024-31146 , CVE-2024-45817 , CVE-2024-45818 , CVE-2024-45819 , CVE-2024-53240 , CVE-2024-53241 , CVE-2025-1713 , CVE-2024-28956 , CVE-2025-27462 , CVE-2025-27463 , CVE-2025-27464 , CVE-2025-27465 , CVE-2024-36350 , CVE-2024-36357 Description Double unlock in x86 guest IRQ handling. (CVE-2024-31143) Xapi: Metadata injection attack against backup/restore functionality. (CVE-2024-31144) Error handling in x86 IOMMU identity mapping. (CVE-2024-31145) PCI device pass-through with shared resources. (CVE-2024-31146) x86: Deadlock in vlapic_error(). (CVE-2024-45817) Deadlock in x86 HVM standard VGA handling. (CVE-2024-45818) libxl leaks data to PVH guests via ACPI tables. (CVE-2024-45819) Backend can crash Linux netfront. (CVE-2024-53240) Xen hypercall page unsafe against speculative attacks. (CVE-2024-53241) Deadlock potential with VT-d and legacy PCI device pass-through. (CVE-2025-1713) x86: Indirect Target Selection. (CVE-2024-28956) x86: Incorrect stubs exception handling for flags recovery. (CVE-2025-27465) TSA-SQ (TSA in the Store Queues). (CVE-2024-36350) TSA-L1 (TSA in the L1 data cache). (CVE-2024-36357) A NULL pointer dereference in the updating of the reference TSC area. (CVE-2025-27466) A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. (CVE-2025-58142) A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. (CVE-2025-58143) An assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. (CVE-2025-58144) The P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. (CVE-2025-58145) XAPI UTF-8 string handling. (CVE-2025-58146) Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. (CVE-2025-58147) Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.(CVE-2025-58148) Incorrect removal of permissions on PCI device unplug. (CVE-2025-58149) References

• https://bugs.mageia.org/show_bug.cgi?id=33401
• https://www.openwall.com/lists/oss-security/2024/07/16/3
• https://www.openwall.com/lists/oss-security/2024/07/16/4
• https://www.openwall.com/lists/oss-security/2024/08/14/2
• https://www.openwall.com/lists/oss-security/2024/08/14/3
• https://www.openwall.com/lists/oss-security/2024/09/24/1
• https://www.openwall.com/lists/oss-security/2024/11/12/2
• https://www.openwall.com/lists/oss-security/2024/11/12/1
• https://www.openwall.com/lists/oss-security/2024/12/17/1
• https://www.openwall.com/lists/oss-security/2024/12/17/2
• https://www.openwall.com/lists/oss-security/2025/02/27/1
• https://www.openwall.com/lists/oss-security/2025/05/12/4
• https://www.openwall.com/lists/oss-security/2025/05/12/5
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KEACKX57LEHS2YKZ4PO5DYNOQRGQSDO2/
• https://www.openwall.com/lists/oss-security/2025/05/27/1
• https://www.openwall.com/lists/oss-security/2025/07/01/1
• https://www.openwall.com/lists/oss-security/2025/07/08/2
• https://www.openwall.com/lists/oss-security/2025/08/28/2
• https://www.openwall.com/lists/oss-security/2025/09/09/1
• https://www.openwall.com/lists/oss-security/2025/09/09/2
• https://www.openwall.com/lists/oss-security/2025/09/09/3
• https://www.openwall.com/lists/oss-security/2025/10/21/1
• https://www.openwall.com/lists/oss-security/2025/10/24/1
• https://www.openwall.com/lists/oss-security/2025/11/05/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31143
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31144
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31145
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31146
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45818
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45819
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53240
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1713
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27462
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27463
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27464
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27465
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357

SRPMS 9/core

• xen-4.17.5-1.git20251028.1.mga9

Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49794 , CVE-2025-49795 , CVE-2025-49796 , CVE-2025-6021 , CVE-2025-6170 , CVE-2025-7424 , CVE-2025-7425 Description Heap use after free (UAF) leads to Denial of service (DoS). (CVE-2025-49794) Null pointer dereference leads to Denial of service (DoS). (CVE-2025-49795) Type confusion leads to Denial of service (DoS). (CVE-2025-49796) Integer Overflow Leading to Buffer Overflow in xmlBuildQName(). (CVE-2025-6021) Stack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170) Type confusion in xmlNode.psvi between stylesheet and source nodes. (CVE-2025-7424) Heap-use-after-free in xmlFreeID caused by `atype` corruption. (CVE-2025-7425) References

• https://bugs.mageia.org/show_bug.cgi?id=34378
• https://www.openwall.com/lists/oss-security/2025/06/16/6
• https://www.openwall.com/lists/oss-security/2025/07/11/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425

SRPMS 9/core

• libxml2-2.10.4-1.8.mga9
• libxslt-1.1.38-1.2.mga9

Publication date: 09 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Changes in arte.tv make the current version of qrte fail to work. This update fixes the issue. Errata: the package's changelog makes reference to an invalid bug number. References

• https://bugs.mageia.org/show_bug.cgi?id=34703
• https://bugs.launchpad.net/qarte/+bug/2129714

SRPMS 9/core

• qarte-5.14.0-1.mga9

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53057 , CVE-2025-53066 Description Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53057) Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53066) References

• https://bugs.mageia.org/show_bug.cgi?id=34697
• https://access.redhat.com/errata/RHSA-2025:18815
• https://access.redhat.com/errata/RHSA-2025:18818
• https://access.redhat.com/errata/RHSA-2025:18821
• https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066

SRPMS 9/core

• java-1.8.0-openjdk-1.8.0.472.b08-1.mga9
• java-11-openjdk-11.0.29.0.7-1.mga9
• java-17-openjdk-17.0.17.0.10-1.mga9
• java-latest-openjdk-25.0.1.0.8-1.rolling.1.mga9

Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6965 Description Integer Truncation on SQLite. (CVE-2025-6965) References

• https://bugs.mageia.org/show_bug.cgi?id=34626
• https://www.openwall.com/lists/oss-security/2025/09/06/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965

SRPMS 9/core

• sqlite3-3.40.1-1.3.mga9