Mageia Security
MGASA-2025-0059 - Updated php-tcpdf packages fix security vulnerabilities
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56519, CVE-2024-56521, CVE-2024-56522, CVE-2024-56527
Description
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. (CVE-2024-56519)
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. (CVE-2024-56521)
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. (CVE-2024-56522)
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. (CVE-2024-56527)
References
- https://bugs.mageia.org/show_bug.cgi?id=33898
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZX3ABLKKEVGN4M4BBUJFPBNWW5SHP7J3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56519
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56527
- php-tcpdf-6.5.0-1.3.mga9
Categories: Security Updates
MGASA-2025-0058 - Updated subversion packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-46901
Description
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. (CVE-2024-46901)
References
- https://bugs.mageia.org/show_bug.cgi?id=33838
- https://www.openwall.com/lists/oss-security/2024/12/09/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46901
- subversion-1.14.2-2.1.mga9
Categories: Security Updates
MGASA-2025-0057 - Updated ffmpeg packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49528
Description
A buffer overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via af_dialoguenhance.c:261:5 in the de_stereo component. (CVE-2023-49528)
References
- https://bugs.mageia.org/show_bug.cgi?id=33430
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3BMDGSJN6WOKM5DG6WR4ITFVPI77UHH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49528
- ffmpeg-5.1.6-1.1.mga9
- ffmpeg-5.1.6-1.1.mga9.tainted
Categories: Security Updates
MGASA-2025-0056 - Updated python-setuptools packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6345
Description
Remote Code Execution in pypa/setuptools. (CVE-2024-6345)
References
- https://bugs.mageia.org/show_bug.cgi?id=33536
- https://lists.suse.com/pipermail/sle-updates/2024-August/036709.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345
- python-setuptools-65.5.0-3.1.mga9
Categories: Security Updates
MGASA-2025-0055 - Updated python-pip packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5752
Description
Mercurial configuration injectable in repo revision when installing via pip. (CVE-2023-5752)
References
- https://bugs.mageia.org/show_bug.cgi?id=33542
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LNQOIWP4YVW27J2PSFKW5GCWPMU7ZATV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5752
- python-pip-23.0.1-1.1.mga9
Categories: Security Updates
MGASA-2025-0054 - Updated python-twisted packages fix security vulnerabilities
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-46137, CVE-2024-41671, CVE-2024-41810
Description
Twisted.web has disordered HTTP pipeline response. (CVE-2023-46137)
Twisted.web has disordered HTTP pipeline response. (CVE-2024-41671)
HTML injection in HTTP redirect body. (CVE-2024-41810)
References
- https://bugs.mageia.org/show_bug.cgi?id=33807
- https://ubuntu.com/security/notices/USN-6575-1
- https://ubuntu.com/security/notices/USN-6988-1
- https://ubuntu.com/security/notices/USN-6988-2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41810
- python-twisted-22.10.0-2.1.mga9
Categories: Security Updates
MGASA-2025-0053 - Updated python-waitress packages fix security vulnerabilities
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-49768, CVE-2024-49769
Description
Waitress has a request processing race condition in HTTP pipelining with an invalid first request. (CVE-2024-49768)
Waitress has a denial of service leading to high CPU usage/resource exhaustion. (CVE-2024-49769)
References
- https://bugs.mageia.org/show_bug.cgi?id=33819
- https://lists.suse.com/pipermail/sle-security-updates/2024-November/019754.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49768
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49769
- python-waitress-2.1.2-1.1.mga9
Categories: Security Updates
MGASA-2025-0052 - Updated python-ansible-core packages fix security vulnerabilities
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8775, CVE-2024-9902, CVE-2024-11079
Description
Exposure of sensitive information in Ansible vault files due to improper logging. (CVE-2024-8775)
Ansible-core user may read/write unauthorized content. (CVE-2024-9902)
Unsafe tagging bypass via hostvars object in ansible-core. (CVE-2024-11079)
References
- https://bugs.mageia.org/show_bug.cgi?id=33828
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2Y6RFLPB54N7XR7AP7A2DEXGLBEDEQJU/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11079
- python-ansible-core-2.14.18-1.mga9
Categories: Security Updates
MGASA-2025-0051 - Updated nginx packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23419
Description
TLS Session Resumption Vulnerability. (CVE-2025-23419)
References
- https://bugs.mageia.org/show_bug.cgi?id=33994
- https://www.openwall.com/lists/oss-security/2025/02/05/8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419
- nginx-1.26.3-1.mga9
Categories: Security Updates
MGASA-2025-0050 - Updated python-jinja2 packages fix security vulnerability
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56326
Description
Jinja has a sandbox breakout through an indirect reference to a format method. (CVE-2024-56326)
References
- https://bugs.mageia.org/show_bug.cgi?id=33996
- https://lwn.net/Articles/1008460/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56326
- python-jinja2-3.1.5-1.mga9
Categories: Security Updates
MGASA-2025-0049 - Updated calibre packages fix security vulnerabilities
Publication date: 12 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-46303, CVE-2024-6781, CVE-2024-6782, CVE-2024-7008, CVE-2024-7009
Description
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. (CVE-2023-46303)
Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read. (CVE-2024-6781)
Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution. (CVE-2024-6782)
Unsanitized user input in Calibre <= 7.15.0 allows attackers to perform reflected cross-site scripting. (CVE-2024-7008)
Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. (CVE-2024-7009)
References
- https://bugs.mageia.org/show_bug.cgi?id=33535
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTG4W7NKCI3YSS24S3XTWQKFDUAR6BN3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46303
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6781
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6782
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7008
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7009
- calibre-6.17.0-1.1.mga9
Categories: Security Updates
MGAA-2025-0013 - Updated xapps, xviewer packages fix bug
Publication date: 12 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description
A missing requires produces an xviewer crash. This update fixes the issue.
References
SRPMS 9/core
- xapps-2.6.1-1.1.mga9
- xviewer-3.2.11-1.1.mga9
Categories: Security Updates
MGASA-2025-0048 - Updated thunderbird packages fix security vulnerabilities
Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11704, CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012, CVE-2025-1013, CVE-2025-1014, CVE-2025-1015, CVE-2025-0510, CVE-2025-1016, CVE-2025-1017
Description
Use-after-free in XSLT. (CVE-2025-1009)
Use-after-free in Custom Highlight. (CVE-2025-1010)
A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011)
Use-after-free during concurrent delazification. (CVE-2025-1012)
Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704)
Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013)
Certificate length was not properly checked. (CVE-2025-1014)
Unsanitized address book fields. (CVE-2025-1015)
Address of e-mail sender can be spoofed by malicious email. (CVE-2025-0510)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017)
References
- https://bugs.mageia.org/show_bug.cgi?id=33984
- https://www.thunderbird.net/en-US/thunderbird/128.7.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0510
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017
- thunderbird-128.7.0-1.mga9
- thunderbird-l10n-128.7.0-1.mga9
Categories: Security Updates
MGASA-2025-0047 - Updated mariadb packages fix security vulnerability
Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21490
Description
Bug fix release which fixes some memory leaks and crashes.
References
- https://bugs.mageia.org/show_bug.cgi?id=33989
- https://mariadb.com/kb/en/mariadb-10-11-11-release-notes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21490
- mariadb-10.11.11-1.mga9
Categories: Security Updates
MGASA-2025-0046 - Updated qtbase5 & qtbase6 packages fix security vulnerabilities
Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-51714, CVE-2024-25580, CVE-2024-39936
Description
network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714)
A buffer overflow and application crash can occur via a crafted KTX image file. (CVE-2024-25580)
Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. (CVE-2024-39936)
References
- https://bugs.mageia.org/show_bug.cgi?id=33159
- https://lwn.net/Articles/971686/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51714
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936
- qtbase5-5.15.7-6.1.mga9
- qtbase6-6.4.1-5.1.mga9
Categories: Security Updates
MGASA-2025-0045 - Updated rootcerts, nss & firefox packages fix security vulnerabilities
Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1009, CVE-2025-1010, CVE-2025-1011, CVE-2025-1012, CVE-2024-11704, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017
Description
Use-after-free in XSLT. (CVE-2025-1009)
Use-after-free in Custom Highlight. (CVE-2025-1010)
A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011)
Use-after-free during concurrent delazification. (CVE-2025-1012)
Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704)
Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013)
Certificate length was not properly checked. (CVE-2025-1014)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016)
Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017)
References
- https://bugs.mageia.org/show_bug.cgi?id=33983
- https://www.mozilla.org/en-US/firefox/128.7.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017
- rootcerts-20250130.00-1.mga9
- nss-3.108.0-1.mga9
- firefox-128.7.0-1.mga9
- firefox-l10n-128.7.0-1.mga9
Categories: Security Updates
MGASA-2025-0044 - Updated xrdp packages fix security vulnerability
Publication date: 08 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-39917
Description
xrdp allows an infinite number of login attempts. (CVE-2024-39917)
References
- https://bugs.mageia.org/show_bug.cgi?id=33985
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FMYGECEBC7XEBNQ2ZHXYRQBLCMHHXKP5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39917
- xrdp-0.9.23.1-1.1.mga9
Categories: Security Updates
MGASA-2025-0043 - Updated libtasn1 packages fix security vulnerability
Publication date: 08 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12133
Description
When an input DER data contains a large number of SEQUENCE OF or SET OF elements, decoding the data and searching a specific element in it take quadratic time to complete. This could be utilized for a remote DoS attack by presenting a crafted certificate to the network peer.
References
- https://bugs.mageia.org/show_bug.cgi?id=33993
- https://www.openwall.com/lists/oss-security/2025/02/06/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133
- libtasn1-4.20.0-1.mga9
Categories: Security Updates
MGASA-2025-0042 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerability
Publication date: 07 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21502
Description
A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the Internet) and rely on the Java sandbox for security. (CVE-2025-21502)
References
- https://bugs.mageia.org/show_bug.cgi?id=33954
- https://access.redhat.com/errata/RHBA-2025:0418
- https://access.redhat.com/errata/RHSA-2025:0429
- https://access.redhat.com/errata/RHSA-2025:0422
- https://www.oracle.com/security-alerts/cpujan2025.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21502
- java-17-openjdk-17.0.14.0.7-1.mga9
- java-11-openjdk-11.0.26.0.4-1.mga9
- java-1.8.0-openjdk-1.8.0.442.b06-1.mga9
- java-latest-openjdk-23.0.2.0.7-1.rolling.1.mga9
Categories: Security Updates
MGASA-2025-0041 - Updated nodejs packages fix security vulnerabilities
Publication date: 07 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23083, CVE-2025-23085
Description
Worker permission bypass via InternalWorker leak in diagnostics. (CVE-2025-23083)
GOAWAY HTTP/2 frames cause memory leak outside heap. (CVE-2025-23085)
References
- https://bugs.mageia.org/show_bug.cgi?id=33947
- https://nodejs.org/en/blog/vulnerability/january-2025-security-releases
- https://www.openwall.com/lists/oss-security/2025/01/21/5
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23083
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23085
- nodejs-22.13.1-2.mga9
Categories: Security Updates