Mageia Security

Feed
Mageia Advisories
Updated: 9 hours 44 minutes ago

MGASA-2025-0231 - Updated udisks2 packages fix a security vulnerability

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8067
Description: Out-of-bounds read in udisks daemon. (CVE-2025-8067)
References
SRPMS 9/core
  • udisks2-2.10.1-1.2.mga9

MGASA-2025-0230 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8713, CVE-2025-8714, CVE-2025-8715
Description:
PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713)
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714)
PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715)
References
SRPMS 9/core
  • postgresql15-15.14-1.mga9
  • postgresql13-13.22-1.mga9

MGASA-2025-0229 - Updated python-django packages fix security vulnerability

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-57833
Description: Potential SQL injection in FilteredRelation column aliases. (CVE-2025-57833)
References
SRPMS 9/core
  • python-django-4.1.13-1.6.mga9

MGAA-2025-0081 - Updated haproxy packages fix some bugs

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: bugfix
Affected Mageia releases: 9
Description: Haproxy has a few medium and a few minor bugs fixed in the last upstream version 2.8.15 of branch 2.8.
Fixed medium bug list:
- backend: do not overwrite srv dst address on reuse (2)
- backend: fix reuse with set-dst/set-dst-port
- clock: make sure now_ms cannot be TICK_ETERNITY
- debug: close a possible race between thread dump and panic()
- fd: mark FD transferred to another process as FD_CLONED
- filters: Handle filters registered on data with no payload callback
- h3: trim whitespaces in header value prior to QPACK encoding
- h3: trim whitespaces when parsing headers value
- hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
- hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
- http-ana: Report 502 from req analyzer only during rsp forwarding
- htx: wrong count computation in htx_xfer_blks()
- mux-quic: do not attach on already closed stream
- mux-quic: fix crash on RS/SS emission if already close local
- peers: prevent learning expiration too far in futur from unsync node
- sample: fix risk of overflow when replacing multiple regex back-refs
- spoe: Don't wakeup idle applets in loop during stopping
- ssl: chosing correct certificate using RSA-PSS with TLSv1.3
- startup: return to initial cwd only after check_config_validity()
- thread: use pthread_self() not ha_pthread[tid] in set_affinity
References
SRPMS 9/core
  • haproxy-2.8.15-1.mga9

MGASA-2025-0228 - Updated thunderbird packages fix vulnerabilities

5 September, 2025 - 19:30
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-6424, CVE-2025-6425, CVE-2025-6429, CVE-2025-6430, CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185
Description:
Use-after-free in FontFaceSet. (CVE-2025-6424)
The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425)
Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429)
Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430)
JavaScript engine only wrote partial return value to stack. (CVE-2025-8027)
Large branch table could lead to truncated instruction. (CVE-2025-8028)
Javascript: URLs executed on object and embed tags. (CVE-2025-8029)
Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030)
Incorrect URL stripping in CSP reports. (CVE-2025-8031)
XSLT documents could bypass CSP. (CVE-2025-8032)
Incorrect JavaScript state machine for generators. (CVE-2025-8033)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035)
Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179)
Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)
Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185)
For the armv7hl architecture this package fixes additional vulnerabilities; see the links below:
https://advisories.mageia.org/MGASA-2025-0197.html
https://advisories.mageia.org/MGASA-2025-0168.html
https://advisories.mageia.org/MGASA-2025-0151.html
https://advisories.mageia.org/MGASA-2025-0126.html
https://advisories.mageia.org/MGASA-2025-0093.html
https://advisories.mageia.org/MGASA-2025-0048.html
https://advisories.mageia.org/MGASA-2025-0010.html
https://advisories.mageia.org/MGASA-2024-0395.html
https://advisories.mageia.org/MGASA-2024-0384.html
https://advisories.mageia.org/MGASA-2024-0365.html
https://advisories.mageia.org/MGASA-2024-0350.html
https://advisories.mageia.org/MGASA-2024-0336.html
https://advisories.mageia.org/MGASA-2024-0332.html
References
SRPMS 9/core
  • thunderbird-128.14.0-1.mga9
  • thunderbird-l10n-128.14.0-1.mga9

MGASA-2025-0227 - Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

5 September, 2025 - 19:30
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8027, CVE-2025-8028, CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032, CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185
Description:
JavaScript engine only wrote partial return value to stack. (CVE-2025-8027)
Large branch table could lead to truncated instruction. (CVE-2025-8028)
Javascript: URLs executed on object and embed tags. (CVE-2025-8029)
Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030)
Incorrect URL stripping in CSP reports. (CVE-2025-8031)
XSLT documents could bypass CSP. (CVE-2025-8032)
Incorrect JavaScript state machine for generators. (CVE-2025-8033)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035)
Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179)
Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)
Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185)
References
SRPMS 9/core
  • firefox-128.14.0-1.4.mga9
  • firefox-l10n-128.14.0-1.mga9
  • nss-3.115.1-1.mga9
  • nspr-4.37-1.mga9
  • rootcerts-20250808.00-1.mga9

MGASA-2025-0226 - Updated vim packages fix vulnerabilities

2 September, 2025 - 16:16
Publication date: 02 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-53905, CVE-2025-53906
Description:
Path traversal issue with tar.vim and specially crafted tar archives in Vim < 9.1.1552. (CVE-2025-53905)
Path traversal issue with zip.vim and specially crafted zip archives in Vim < v9.1.1551. (CVE-2025-53906)
References
SRPMS 9/core
  • vim-9.1.1552-1.mga9

MGASA-2025-0225 - Updated gnutls packages fix vulnerabilities

2 September, 2025 - 16:16
Publication date: 02 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-6395, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990
Description:
Null pointer dereference in _gnutls_figure_common_ciphersuite(). (CVE-2025-6395)
Vulnerability in gnutls othername san export. (CVE-2025-32988)
Vulnerability in gnutls sct extension parsing. (CVE-2025-32989)
Vulnerability in gnutls certtool template parsing. (CVE-2025-32990)
References
SRPMS 9/core
  • gnutls-3.8.4-1.2.mga9

MGASA-2025-0224 - Updated aide packages fix vulnerabilities

2 September, 2025 - 16:16
Publication date: 02 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-54389, CVE-2025-54409
Description:
Improper output neutralization (potential AIDE detection bypass). (CVE-2025-54389)
Null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS). (CVE-2025-54409)
References
SRPMS 9/core
  • aide-0.18.6-1.1.mga9

MGAA-2025-0080 - Updated slurm packages fix bug

2 September, 2025 - 16:16
Publication date: 02 Sep 2025
Type: bugfix
Affected Mageia releases: 9
Description: This update fixes a packaging issue that allowed conflicting libraries to be installed.
References
SRPMS 9/core
  • slurm-23.11.11-1.2.mga9

MGASA-2025-0222 - Updated ceph packages fix vulnerability

1 September, 2025 - 19:20
Publication date: 01 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-52555
Description: Security regression (CVE-2025-52555) that would have allowed a user to read, write and execute to any directory owned by root as long as they chmod 777 it.
References
SRPMS 9/core
  • ceph-18.2.7-2.mga9

MGASA-2025-0221 - Updated golang packages fix vulnerabilities

1 September, 2025 - 19:20
Publication date: 01 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-47906, CVE-2025-47907
Description:
LookPath may return unexpected paths. (CVE-2025-47906)
Incorrect results returned from Rows.Scan. (CVE-2025-47907)
These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt.
References
SRPMS 9/core
  • golang-1.24.6-1.mga9

MGASA-2025-0220 - Updated glibc packages fix vulnerability

1 September, 2025 - 19:20
Publication date: 01 Sep 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8058
Description: Double-free after allocation failure in regcomp. (CVE-2025-8058)
References
SRPMS 9/core
  • glibc-2.36-57.mga9

MGAA-2025-0079 - Updated rocksdb packages fix bug

1 September, 2025 - 19:20
Publication date: 01 Sep 2025
Type: bugfix
Affected Mageia releases: 9
Description: This update adds support for LZ4 and other compression formats.
References
SRPMS 9/core
  • rocksdb-7.7.8-1.2.mga9

MGAA-2025-0078 - Updated nvidia-current packages fix bug

29 August, 2025 - 07:01
Publication date: 29 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description:
Fixed a bug that could cause Vulkan applications to hang when destroying swapchains after a lost device event.
Fixed a bug that could allow atomic commit and other DRM operations to return success status despite having failed due to handling an interrupt.
Fixed a bug that could cause GTK 4 applications to crash when using the Vulkan backend on Wayland.
Fixed a bug that could intermittently cause llama.cpp to crash on exit when using the Vulkan backend.
Other bugs are also fixed; see the references.
References
SRPMS 9/nonfree
  • nvidia-current-580.76.05-2.mga9.nonfree

MGAA-2025-0077 - Updated nvidia-current packages fix bug

18 August, 2025 - 19:22
Publication date: 18 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description: This update brings the latest bug fixes from Nvidia. Note the additional information provided by them.
References
SRPMS 9/nonfree
  • nvidia-current-570.181-1.mga9.nonfree

MGAA-2025-0076 - Updated opencpn-radar-plugin packages fix bug

15 August, 2025 - 03:13
Publication date: 15 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description: Our current version of opencpn-radar-plugin (5.5.0) doesn't work with opencpn itself updated to version 5.10.2. This new version of opencpn-radar-plugin (5.5.4) corrects this problem.
References
SRPMS 9/core
  • opencpn-radar-plugin-5.5.4-3.mga9

MGAA-2025-0075 - Updated Pdfarranger packages fix bugs

15 August, 2025 - 03:13
Publication date: 15 Aug 2025
Type: bugfix
Affected Mageia releases: 9
Description: This update brings new features and bug fixes from upstream; see the references for more information.
References
SRPMS 9/core
  • pdfarranger-1.12.1-1.mga9

MGASA-2025-0219 - Updated kernel, kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages fix security vulnerabilities

11 August, 2025 - 23:03
Publication date: 11 Aug 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-38083 , CVE-2025-38084 , CVE-2025-38085 , CVE-2025-38086 , CVE-2025-38087 , CVE-2025-38088 , CVE-2025-38089 , CVE-2025-38090 , CVE-2025-38100 , CVE-2025-38102 , CVE-2025-38103 , CVE-2025-38107 , CVE-2025-38108 , CVE-2025-38109 , CVE-2025-38110 , CVE-2025-38111 , CVE-2025-38112 , CVE-2025-38113 , CVE-2025-38115 , CVE-2025-38117 , CVE-2025-38118 , CVE-2025-38119 , CVE-2025-38120 , CVE-2025-38122 , CVE-2025-38123 , CVE-2025-38124 , CVE-2025-38126 , CVE-2025-38127 , CVE-2025-38131 , CVE-2025-38135 , CVE-2025-38136 , CVE-2025-38138 , CVE-2025-38142 , CVE-2025-38143 , CVE-2025-38145 , CVE-2025-38146 , CVE-2025-38147 , CVE-2025-38148 , CVE-2025-38149 , CVE-2025-38151 , CVE-2025-38153 , CVE-2025-38154 , CVE-2025-38155 , CVE-2025-38157 , CVE-2025-38158 , CVE-2025-38159 , CVE-2025-38160 , CVE-2025-38161 , CVE-2025-38163 , CVE-2025-38165 , CVE-2025-38166 , CVE-2025-38167 , CVE-2025-38170 , CVE-2025-38173 , CVE-2025-38174 , CVE-2025-38180 , CVE-2025-38181 , CVE-2025-38182 , CVE-2025-38183 , CVE-2025-38184 , CVE-2025-38185 , CVE-2025-38190 , CVE-2025-38191 , CVE-2025-38192 , CVE-2025-38193 , CVE-2025-38194 , CVE-2025-38195 , CVE-2025-38197 , CVE-2025-38198 , CVE-2025-38200 , CVE-2025-38202 , CVE-2025-38208 , CVE-2025-38211 , CVE-2025-38212 , CVE-2025-38213 , CVE-2025-38214 , CVE-2025-38215 , CVE-2025-38217 , CVE-2025-38218 , CVE-2025-38219 , CVE-2025-38220 , CVE-2025-38222 , CVE-2025-38225 , CVE-2025-38226 , CVE-2025-38227 , CVE-2025-38229 , CVE-2025-38231 , CVE-2025-38236 , CVE-2025-38239 , CVE-2025-38244 , CVE-2025-38245 , CVE-2025-38249 , CVE-2025-38251 , CVE-2025-38255 , CVE-2025-38257 , CVE-2025-38258 , CVE-2025-38259 , CVE-2025-38260 , CVE-2025-38262 , CVE-2025-38263 , CVE-2025-38265 , CVE-2025-38273 , CVE-2025-38274 , CVE-2025-38275 , CVE-2025-38277 , CVE-2025-38278 , CVE-2025-38280 , CVE-2025-38282 , CVE-2025-38283 , CVE-2025-38285 , CVE-2025-38286 , CVE-2025-38290 , CVE-2025-38293 , CVE-2025-38295 , CVE-2025-38298 , CVE-2025-38300 , CVE-2025-38304 , 
CVE-2025-38305 , CVE-2025-38307 , CVE-2025-38310 , CVE-2025-38312 , CVE-2025-38313 , CVE-2025-38319 , CVE-2025-38320 , CVE-2025-38321 , CVE-2025-38323 , CVE-2025-38324 , CVE-2025-38326 , CVE-2025-38328 , CVE-2025-38331 , CVE-2025-38332 , CVE-2025-38334 , CVE-2025-38336 , CVE-2025-38337 , CVE-2025-38338 , CVE-2025-38342 , CVE-2025-38343 , CVE-2025-38344 , CVE-2025-38345 , CVE-2025-38346 , CVE-2025-38347 , CVE-2025-38348 , CVE-2025-38349 , CVE-2025-38350 , CVE-2025-38352 , CVE-2025-38354 , CVE-2025-38362 , CVE-2025-38363 , CVE-2025-38364 , CVE-2025-38365 , CVE-2025-38368 , CVE-2025-38369 , CVE-2025-38371 , CVE-2025-38375 , CVE-2025-38376 , CVE-2025-38377 , CVE-2025-38379 , CVE-2025-38380 , CVE-2025-38382 , CVE-2025-38384 , CVE-2025-38385 , CVE-2025-38386 , CVE-2025-38387 , CVE-2025-38389 , CVE-2025-38391 , CVE-2025-38393 , CVE-2025-38395 , CVE-2025-38396 , CVE-2025-38399 , CVE-2025-38400 , CVE-2025-38401 , CVE-2025-38403 , CVE-2025-38404 , CVE-2025-38406 , CVE-2025-38409 , CVE-2025-38410 , CVE-2025-38412 , CVE-2025-38415 , CVE-2025-38416 , CVE-2025-38418 , CVE-2025-38419 , CVE-2025-38420 , CVE-2025-38422 , CVE-2025-38424 , CVE-2025-38425 , CVE-2025-38427 , CVE-2025-38428 , CVE-2025-38429 , CVE-2025-38430 , CVE-2025-38436 , CVE-2025-38437 , CVE-2025-38439 , CVE-2025-38441 , CVE-2025-38443 , CVE-2025-38444 , CVE-2025-38445 , CVE-2025-38448 , CVE-2025-38449 , CVE-2025-38451 , CVE-2025-38455 , CVE-2025-38456 , CVE-2025-38457 , CVE-2025-38458 , CVE-2025-38459 , CVE-2025-38460 , CVE-2025-38461 , CVE-2025-38462 , CVE-2025-38463 , CVE-2025-38464 , CVE-2025-38465 , CVE-2025-38466 , CVE-2025-38467 , CVE-2025-38468 , CVE-2025-38469 , CVE-2025-38470 , CVE-2025-38471 , CVE-2025-38472 , CVE-2025-38473 , CVE-2025-38474 , CVE-2025-38476 , CVE-2025-38477 , CVE-2025-38478 , CVE-2025-38480 , CVE-2025-38481 , CVE-2025-38482 , CVE-2025-38483 , CVE-2025-38485 , CVE-2025-38487 , CVE-2025-38488 , CVE-2025-38489 , CVE-2025-38490 , CVE-2025-38493 , CVE-2025-38494 , CVE-2025-38495 , 
CVE-2025-38496 , CVE-2025-38497 , CVE-2025-38498
Description: Upstream kernel version 6.6.101 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
References
SRPMS 9/core
  • kernel-6.6.101-1.mga9
  • kmod-virtualbox-7.1.10-7.mga9
  • kmod-xtables-addons-3.24-83.mga9
  • wireless-regdb-20250710-1.mga9