Mageia Security
MGASA-2024-0380 - Updated dcmtk packages fix security vulnerability
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-27628
Description: A buffer overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. (CVE-2024-27628)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33798
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/U3LXLFP2Q7LBLGBNWEPO3O2ZZ2JPCYEU/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27628
- dcmtk-3.6.7-4.2.mga9
Categories: Security Updates
MGASA-2024-0379 - Updated tomcat packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-52316, CVE-2024-52318
Description: Authentication bypass when using Jakarta Authentication API. (CVE-2024-52316) Incorrect JSP tag recycling leads to XSS. (CVE-2024-52318)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33781
- https://www.openwall.com/lists/oss-security/2024/11/18/2
- https://www.openwall.com/lists/oss-security/2024/11/18/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52318
- tomcat-9.0.97-1.mga9
Categories: Security Updates
MGASA-2024-0378 - Updated wget packages fix security vulnerability
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-10524
Description: Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. (CVE-2024-10524)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33780
- https://www.openwall.com/lists/oss-security/2024/11/18/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10524
- wget-1.21.4-1.2.mga9
Categories: Security Updates
MGASA-2024-0377 - Updated microcode packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-21853, CVE-2024-23918, CVE-2024-21820
Description: Improper Finite State Machines (FSMs) in the Hardware logic in some 4th and 5th Generation Intel® Xeon® Processors may allow an authorized user to potentially enable denial of service via local access. (CVE-2024-21853) Improper conditions check in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-23918) Incorrect default permissions in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-21820)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33770
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21820
- microcode-0.20241112-1.mga9.nonfree
Categories: Security Updates
MGASA-2024-0376 - Updated golang packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-34155, CVE-2024-34156, CVE-2024-34158
Description: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. (CVE-2024-34155) Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. (CVE-2024-34156) Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. (CVE-2024-34158)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33526
- https://www.openwall.com/lists/oss-security/2024/09/05/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158
- golang-1.22.9-1.mga9
Categories: Security Updates
MGASA-2024-0375 - Updated php packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-8932, CVE-2024-8929, CVE-2024-11236, CVE-2024-11233, CVE-2024-11234
Description: Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234
- php-8.2.26-1.mga9
Categories: Security Updates
MGASA-2024-0374 - Updated zbar packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-40889, CVE-2023-40890
Description: A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40889) A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40890)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33790
- https://ubuntu.com/security/notices/USN-7118-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40889
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40890
- zbar-0.23.93-1.mga9
Categories: Security Updates
MGASA-2024-0373 - Updated libsndfile packages fix security vulnerability
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50612
Description: libsndfile suffers from an out-of-bounds read in ogg_vorbis.c vorbis_analysis_wrote.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33789
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PYXWUCWTDAITTQHM72BGA2ENVXC7G5M/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50612
- libsndfile-1.2.0-3.2.mga9
Categories: Security Updates
MGASA-2024-0372 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
Description: PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976) PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977) PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978) PostgreSQL PL/Perl environment variable changes execute arbitrary code. (CVE-2024-10979)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33779
- https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
- https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10976
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10979
- postgresql15-15.10-1.mga9
- postgresql13-13.18-1.mga9
Categories: Security Updates
MGASA-2024-0371 - Updated rapidjson packages fix security vulnerability
Publication date: 27 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-38517
Description: Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege. (CVE-2024-38517)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33803
- https://ubuntu.com/security/notices/USN-7125-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517
- rapidjson-1.1.0-6.1.mga9
Categories: Security Updates
MGASA-2024-0370 - Updated opendmarc packages fix security vulnerability
Publication date: 22 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-25768
Description: Fix null pointer dereference in opendmarc_policy.c. (CVE-2024-25768)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33756
- https://github.com/trusteddomainproject/OpenDMARC/issues/256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25768
- opendmarc-1.4.2-2.1.mga9
Categories: Security Updates
MGASA-2024-0369 - Updated kernel, kmod-xtables-addons, kmod-virtualbox & bluez packages fix security vulnerabilities
Publication date: 22 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50103, CVE-2024-50108, CVE-2024-50110, CVE-2024-50111, CVE-2024-50112, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50120, CVE-2024-50121, CVE-2024-50124, CVE-2024-50125, CVE-2024-50126, CVE-2024-50127, CVE-2024-50128, CVE-2024-50130, CVE-2024-50131, CVE-2024-50133, CVE-2024-50134, CVE-2024-50135, CVE-2024-50136, CVE-2024-50139, CVE-2024-50140, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143, CVE-2024-50145, CVE-2024-50147, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50152, CVE-2024-50153, CVE-2024-50154, CVE-2024-50155, CVE-2024-50156, CVE-2024-50158, CVE-2024-50159, CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50164, CVE-2024-50166, CVE-2024-50167, CVE-2024-50168, CVE-2024-50169, CVE-2024-50170, CVE-2024-50171, CVE-2024-50172, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210, CVE-2024-50211, CVE-2024-50215, CVE-2024-50216, CVE-2024-50218, CVE-2024-50219, CVE-2024-50222, CVE-2024-50223, CVE-2024-50224, CVE-2024-50226, CVE-2024-50228, CVE-2024-50229, CVE-2024-50230, CVE-2024-50231, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50235, CVE-2024-50236, CVE-2024-50237, CVE-2024-50239, CVE-2024-50240, CVE-2024-50242, CVE-2024-50243, CVE-2024-50244, CVE-2024-50245, CVE-2024-50246, CVE-2024-50247, CVE-2024-50248, CVE-2024-50249, CVE-2024-50250, CVE-2024-50251, CVE-2024-50252, CVE-2024-50255, CVE-2024-50256, CVE-2024-50257, CVE-2024-50258, CVE-2024-50259, CVE-2024-50261, CVE-2024-50262
Description: Upstream kernel version 6.6.61 fixes bugs and vulnerabilities. The bluez, kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33775
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.59
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.60
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50111
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50116
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50133
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50147
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50148
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50151
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50158
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50164
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50166
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50167
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50170
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50171
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50172
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50208
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50216
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50218
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50223
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50236
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50242
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50244
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50245
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50246
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50247
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50248
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50249
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50250
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50251
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50252
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50255
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50257
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50258
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50259
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50261
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50262
- kernel-6.6.61-1.mga9
- kmod-virtualbox-7.0.20-58.mga9
- kmod-xtables-addons-3.24-66.mga9
- bluez-5.79-1.mga9
Categories: Security Updates
MGASA-2024-0368 - Updated kernel-linus packages fix security vulnerabilities
Publication date: 22 Nov 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50103, CVE-2024-50108, CVE-2024-50110, CVE-2024-50111, CVE-2024-50112, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50120, CVE-2024-50121, CVE-2024-50124, CVE-2024-50125, CVE-2024-50126, CVE-2024-50127, CVE-2024-50128, CVE-2024-50130, CVE-2024-50131, CVE-2024-50133, CVE-2024-50134, CVE-2024-50135, CVE-2024-50136, CVE-2024-50139, CVE-2024-50140, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143, CVE-2024-50145, CVE-2024-50147, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50152, CVE-2024-50153, CVE-2024-50154, CVE-2024-50155, CVE-2024-50156, CVE-2024-50158, CVE-2024-50159, CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50164, CVE-2024-50166, CVE-2024-50167, CVE-2024-50168, CVE-2024-50169, CVE-2024-50170, CVE-2024-50171, CVE-2024-50172, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50210, CVE-2024-50211, CVE-2024-50215, CVE-2024-50216, CVE-2024-50218, CVE-2024-50219, CVE-2024-50222, CVE-2024-50223, CVE-2024-50224, CVE-2024-50226, CVE-2024-50228, CVE-2024-50229, CVE-2024-50230, CVE-2024-50231, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50235, CVE-2024-50236, CVE-2024-50237, CVE-2024-50239, CVE-2024-50240, CVE-2024-50242, CVE-2024-50243, CVE-2024-50244, CVE-2024-50245, CVE-2024-50246, CVE-2024-50247, CVE-2024-50248, CVE-2024-50249, CVE-2024-50250, CVE-2024-50251, CVE-2024-50252, CVE-2024-50255, CVE-2024-50256, CVE-2024-50257, CVE-2024-50258, CVE-2024-50259, CVE-2024-50261, CVE-2024-50262
Description: Vanilla upstream kernel version 6.6.61 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33776
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.59
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.60
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.61
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50111
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50116
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50133
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50147
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50148
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50151
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50152
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50153
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50154
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50155
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50156
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50158
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50162
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50164
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50166
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50167
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50168
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50169
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50170
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50171
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50172
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50208
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50216
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50218
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50223
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50236
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50239
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50242
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50244
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50245
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50246
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50247
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50248
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50249
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50250
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50251
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50252
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50255
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50256
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50257
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50258
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50259
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50261
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50262
- kernel-linus-6.6.61-1.mga9
Categories: Security Updates
MGASA-2024-0367 - Updated radare2 packages fix security vulnerability
Publication date: 22 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-48241
Description: An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function. (CVE-2024-48241)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33755
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFYOSKZAUGT7XKZWLV56ZMYJVZ6EHY42/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48241
- radare2-5.8.8-1.3.mga9
Categories: Security Updates
MGASA-2024-0366 - Updated kanboard packages fix security vulnerability
Publication date: 22 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-36813
Description: In versions prior to 1.2.31 an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations the code improperly uses the PicoDB library to update/insert new information.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32113
- https://www.debian.org/security/2023/dsa-5454
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36813
- kanboard-1.2.42-1.1.mga9
Categories: Security Updates
MGAA-2024-0232 - Updated mesa & libdrm packages fix bugs
Publication date: 22 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description:
- brw_fs_opt_copy_propagation incorrectly handles size changes of uniforms.
- nouveau paraview msaa corruption 23.1 bisected regression.
- Missing xshmfence dependency for X11 WSI on macOS.
- [AMDGPU RDNA3] Black square artifacts in viewport renders in Blender.
- radv: test_sm67_sample_cmp_level test in vkd3d-proton fails
- [ANV] LNL tiled corruption in background traci Blackops3-trace-dx11-1080p-high.
- [anv] Possible regression in e3814dee1ac0f90771b921a4f6f5aed10f06e8d4
- Confidential issue #12092
References:
- https://bugs.mageia.org/show_bug.cgi?id=33774
- https://docs.mesa3d.org/relnotes/24.2.6.html#changes
- https://docs.mesa3d.org/relnotes/24.2.7.html#changes
- mesa-24.2.7-1.mga9
- libdrm-2.4.123-1.mga9
- mesa-24.2.7-1.mga9.tainted
Categories: Security Updates
MGASA-2024-0365 - Updated thunderbird packages fix security vulnerability
Publication date: 20 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11159
Description: Potential disclosure of plaintext in OpenPGP encrypted message. (CVE-2024-11159)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33763
- https://www.thunderbird.net/en-US/thunderbird/128.4.2esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/128.4.3esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-61/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11159
- thunderbird-128.4.3-1.mga9
- thunderbird-l10n-128.4.3-1.mga9
Categories: Security Updates
MGAA-2024-0231 - Updated nvidia-current packages fix bug
Publication date: 16 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description: Fixed a bug which could cause applications using GBM to crash when running with nvidia-drm.modeset=0
References:
SRPMS 9/nonfree
- nvidia-current-550.127.05-1.mga9.nonfree
Categories: Security Updates
MGASA-2024-0364 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk & java-latest-openjdk packages fix security vulnerabilities
Publication date: 13 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-48161, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235
Description:
- giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function. (CVE-2023-48161)
- Array indexing integer overflow. (CVE-2024-21210)
- HTTP client improper handling of maxHeaderSize. (CVE-2024-21208)
- Unbounded allocation leads to out-of-memory error. (CVE-2024-21217)
- Integer conversion error leads to incorrect range check. (CVE-2024-21235)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33648
- https://access.redhat.com/errata/RHSA-2024:8117
- https://access.redhat.com/errata/RHSA-2024:8121
- https://access.redhat.com/errata/RHSA-2024:8124
- https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48161
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21208
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21210
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21217
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21235
- java-17-openjdk-17.0.13.0.11-1.mga9
- java-11-openjdk-11.0.25.0.9-1.mga9
- java-1.8.0-openjdk-1.8.0.432.b06-1.mga9
- java-latest-openjdk-23.0.1.0.11-2.rolling.1.mga9
Categories: Security Updates
MGASA-2024-0363 - Updated libarchive packages fix security vulnerability
Publication date: 13 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20696
Description: A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (CVE-2024-20696)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33757
- https://lists.debian.org/debian-security-announce/2024/msg00220.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696
- libarchive-3.6.2-5.3.mga9
Categories: Security Updates