Mageia Security

Feed
Mageia Advisories
Updated: 17 hours 28 minutes ago

MGASA-2025-0235 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

10 October, 2025 - 04:12
Publication date: 10 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-38501 , CVE-2025-38553 , CVE-2025-38555 , CVE-2025-38560 , CVE-2025-38561 , CVE-2025-38562 , CVE-2025-38563 , CVE-2025-38565 , CVE-2025-38566 , CVE-2025-38568 , CVE-2025-38569 , CVE-2025-38571 , CVE-2025-38572 , CVE-2025-38574 , CVE-2025-38576 , CVE-2025-38577 , CVE-2025-38578 , CVE-2025-38579 , CVE-2025-38581 , CVE-2025-38583 , CVE-2025-38587 , CVE-2025-38588 , CVE-2025-38590 , CVE-2025-38601 , CVE-2025-38602 , CVE-2025-38604 , CVE-2025-38608 , CVE-2025-38609 , CVE-2025-38610 , CVE-2025-38611 , CVE-2025-38612 , CVE-2025-38615 , CVE-2025-38617 , CVE-2025-38618 , CVE-2025-38622 , CVE-2025-38623 , CVE-2025-38624 , CVE-2025-38625 , CVE-2025-38626 , CVE-2025-38630 , CVE-2025-38632 , CVE-2025-38634 , CVE-2025-38635 , CVE-2025-38639 , CVE-2025-38640 , CVE-2025-38644 , CVE-2025-38645 , CVE-2025-38646 , CVE-2025-38648 , CVE-2025-38650 , CVE-2025-38652 , CVE-2025-38653 , CVE-2025-38656 , CVE-2025-38659 , CVE-2025-38677 , CVE-2025-38679 , CVE-2025-38680 , CVE-2025-38681 , CVE-2025-38683 , CVE-2025-38684 , CVE-2025-38685 , CVE-2025-38687 , CVE-2025-38688 , CVE-2025-38691 , CVE-2025-38692 , CVE-2025-38693 , CVE-2025-38694 , CVE-2025-38695 , CVE-2025-38696 , CVE-2025-38697 , CVE-2025-38698 , CVE-2025-38699 , CVE-2025-38700 , CVE-2025-38701 , CVE-2025-38702 , CVE-2025-38706 , CVE-2025-38707 , CVE-2025-38708 , CVE-2025-38709 , CVE-2025-38711 , CVE-2025-38712 , CVE-2025-38713 , CVE-2025-38714 , CVE-2025-38715 , CVE-2025-38716 , CVE-2025-38718 , CVE-2025-38721 , CVE-2025-38723 , CVE-2025-38724 , CVE-2025-38725 , CVE-2025-38727 , CVE-2025-38728 , CVE-2025-38729 , CVE-2025-38730 , CVE-2025-38732 , CVE-2025-38734 , CVE-2025-38735 , CVE-2025-39673 , CVE-2025-39675 , CVE-2025-39676 , CVE-2025-39679 , CVE-2025-39681 , CVE-2025-39682 , CVE-2025-39683 , CVE-2025-39684 , CVE-2025-39685 , CVE-2025-39686 , CVE-2025-39687 , CVE-2025-39689 , CVE-2025-39691 , CVE-2025-39692 , CVE-2025-39693 , CVE-2025-39694 , CVE-2025-39701 , CVE-2025-39702 , CVE-2025-39703 , CVE-2025-39706 , 
CVE-2025-39709 , CVE-2025-39710 , CVE-2025-39711 , CVE-2025-39713 , CVE-2025-39714 , CVE-2025-39715 , CVE-2025-39716 , CVE-2025-39718 , CVE-2025-39719 , CVE-2025-39720 , CVE-2025-39721 , CVE-2025-39724 , CVE-2025-39730 , CVE-2025-39731 , CVE-2025-39734
Description: Upstream kernel version 6.6.105 fixes bugs and vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel. The newer meta-task and mageia-repos packages are required to simplify the correct installation of the kernel-stable-userspace-headers (for backport kernel-stable) packages and the move back to the kernel-userspace-headers (for 6.6 kernels) packages; see https://bugs.mageia.org/show_bug.cgi?id=34545. For information about the vulnerabilities see the links.
References
SRPMS 9/core
  • kernel-6.6.105-1.mga9
  • kmod-virtualbox-7.1.10-10.mga9
  • kmod-xtables-addons-3.24-86.mga9
  • mageia-repos-9-4.mga9
  • meta-task-9-4.mga9

MGASA-2025-0234 - Updated kernel-linus packages fix security vulnerabilities

9 October, 2025 - 21:24
Publication date: 09 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-38501 , CVE-2025-38553 , CVE-2025-38555 , CVE-2025-38560 , CVE-2025-38561 , CVE-2025-38562 , CVE-2025-38563 , CVE-2025-38565 , CVE-2025-38566 , CVE-2025-38568 , CVE-2025-38569 , CVE-2025-38571 , CVE-2025-38572 , CVE-2025-38574 , CVE-2025-38576 , CVE-2025-38577 , CVE-2025-38578 , CVE-2025-38579 , CVE-2025-38581 , CVE-2025-38583 , CVE-2025-38587 , CVE-2025-38588 , CVE-2025-38590 , CVE-2025-38601 , CVE-2025-38602 , CVE-2025-38604 , CVE-2025-38608 , CVE-2025-38609 , CVE-2025-38610 , CVE-2025-38611 , CVE-2025-38612 , CVE-2025-38615 , CVE-2025-38617 , CVE-2025-38618 , CVE-2025-38622 , CVE-2025-38623 , CVE-2025-38624 , CVE-2025-38625 , CVE-2025-38626 , CVE-2025-38630 , CVE-2025-38632 , CVE-2025-38634 , CVE-2025-38635 , CVE-2025-38639 , CVE-2025-38640 , CVE-2025-38644 , CVE-2025-38645 , CVE-2025-38646 , CVE-2025-38648 , CVE-2025-38650 , CVE-2025-38652 , CVE-2025-38653 , CVE-2025-38656 , CVE-2025-38659 , CVE-2025-38677 , CVE-2025-38679 , CVE-2025-38680 , CVE-2025-38681 , CVE-2025-38683 , CVE-2025-38684 , CVE-2025-38685 , CVE-2025-38687 , CVE-2025-38688 , CVE-2025-38691 , CVE-2025-38692 , CVE-2025-38693 , CVE-2025-38694 , CVE-2025-38695 , CVE-2025-38696 , CVE-2025-38697 , CVE-2025-38698 , CVE-2025-38699 , CVE-2025-38700 , CVE-2025-38701 , CVE-2025-38702 , CVE-2025-38706 , CVE-2025-38707 , CVE-2025-38708 , CVE-2025-38709 , CVE-2025-38711 , CVE-2025-38712 , CVE-2025-38713 , CVE-2025-38714 , CVE-2025-38715 , CVE-2025-38716 , CVE-2025-38718 , CVE-2025-38721 , CVE-2025-38723 , CVE-2025-38724 , CVE-2025-38725 , CVE-2025-38727 , CVE-2025-38728 , CVE-2025-38729 , CVE-2025-38730 , CVE-2025-38732 , CVE-2025-38734 , CVE-2025-38735 , CVE-2025-39673 , CVE-2025-39675 , CVE-2025-39676 , CVE-2025-39679 , CVE-2025-39681 , CVE-2025-39682 , CVE-2025-39683 , CVE-2025-39684 , CVE-2025-39685 , CVE-2025-39686 , CVE-2025-39687 , CVE-2025-39689 , CVE-2025-39691 , CVE-2025-39692 , CVE-2025-39693 , CVE-2025-39694 , CVE-2025-39701 , CVE-2025-39702 , CVE-2025-39703 , CVE-2025-39706 , 
CVE-2025-39709 , CVE-2025-39710 , CVE-2025-39711 , CVE-2025-39713 , CVE-2025-39714 , CVE-2025-39715 , CVE-2025-39716 , CVE-2025-39718 , CVE-2025-39719 , CVE-2025-39720 , CVE-2025-39721 , CVE-2025-39724 , CVE-2025-39730 , CVE-2025-39731 , CVE-2025-39734
Description: Vanilla upstream kernel version 6.6.105 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References
SRPMS 9/core
  • kernel-linus-6.6.105-1.mga9

MGASA-2025-0233 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

16 September, 2025 - 17:34
Publication date: 16 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30749 , CVE-2025-30754 , CVE-2025-30761 , CVE-2025-50059 , CVE-2025-50106
Description:
Better Glyph drawing. (CVE-2025-30749)
Enhance TLS protocol support. (CVE-2025-30754)
Improve scripting supports. (CVE-2025-30761)
Improve HTTP client header handling. (CVE-2025-50059)
Better Glyph drawing redux. (CVE-2025-50106)
References
SRPMS 9/core
  • java-1.8.0-openjdk-1.8.0.462.b08-1.mga9
  • java-11-openjdk-11.0.28.0.6-1.mga9
  • java-17-openjdk-17.0.16.0.8-1.mga9
  • java-latest-openjdk-24.0.2.0.12-1.rolling.1.mga9

MGASA-2025-0232 - Updated curl packages fix security vulnerability

11 September, 2025 - 18:02
Publication date: 11 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9086
Description: curl is susceptible to an out-of-bounds read in the cookie handler that could either cause a crash or potentially allow a clear-text site to override the contents of a secure cookie. This release also fixes a rare memory leak in HTTP trailers.
References
SRPMS 9/core
  • curl-7.88.1-4.8.mga9

MGAA-2025-0082 - Updated nvidia-current packages fix bugs

9 September, 2025 - 22:10
Publication date: 09 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description:
Fixed a regression introduced in 580.65.06 that could cause Vulkan applications to hang on Wayland.
Added support for NVIDIA Smooth Motion on GeForce RTX 40 Series GPUs.
Fixed a bug that caused /sys/class/drm/.../enabled to always report "disabled" for NVIDIA GPU connectors.
References
SRPMS 9/nonfree
  • nvidia-current-580.82.07-1.mga9.nonfree

MGASA-2025-0231 - Updated udisks2 packages fix a security vulnerability

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8067
Description: Out-of-bounds read in udisks daemon. (CVE-2025-8067)
References
SRPMS 9/core
  • udisks2-2.10.1-1.2.mga9

MGASA-2025-0230 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8713 , CVE-2025-8714 , CVE-2025-8715
Description:
PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713)
PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714)
PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715)
References
SRPMS 9/core
  • postgresql15-15.14-1.mga9
  • postgresql13-13.22-1.mga9

MGASA-2025-0229 - Updated python-django packages fix security vulnerability

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57833
Description: Potential SQL injection in FilteredRelation column aliases. (CVE-2025-57833)
References
SRPMS 9/core
  • python-django-4.1.13-1.6.mga9

MGAA-2025-0081 - Updated haproxy packages fix some bugs

8 September, 2025 - 20:35
Publication date: 08 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description: HAProxy has a few medium and a few minor bugs fixed in the last upstream version 2.8.15 of branch 2.8.
Fixed medium bug list:
- backend: do not overwrite srv dst address on reuse (2)
- backend: fix reuse with set-dst/set-dst-port
- clock: make sure now_ms cannot be TICK_ETERNITY
- debug: close a possible race between thread dump and panic()
- fd: mark FD transferred to another process as FD_CLONED
- filters: Handle filters registered on data with no payload callback
- h3: trim whitespaces in header value prior to QPACK encoding
- h3: trim whitespaces when parsing headers value
- hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
- hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
- http-ana: Report 502 from req analyzer only during rsp forwarding
- htx: wrong count computation in htx_xfer_blks()
- mux-quic: do not attach on already closed stream
- mux-quic: fix crash on RS/SS emission if already close local
- peers: prevent learning expiration too far in future from unsync node
- sample: fix risk of overflow when replacing multiple regex back-refs
- spoe: Don't wakeup idle applets in loop during stopping
- ssl: choosing correct certificate using RSA-PSS with TLSv1.3
- startup: return to initial cwd only after check_config_validity()
- thread: use pthread_self() not ha_pthread[tid] in set_affinity
References
SRPMS 9/core
  • haproxy-2.8.15-1.mga9

MGASA-2025-0228 - Updated thunderbird packages fix vulnerabilities

5 September, 2025 - 19:30
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6424 , CVE-2025-6425 , CVE-2025-6429 , CVE-2025-6430 , CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025-9185
Description:
Use-after-free in FontFaceSet. (CVE-2025-6424)
The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425)
Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429)
Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430)
JavaScript engine only wrote partial return value to stack. (CVE-2025-8027)
Large branch table could lead to truncated instruction. (CVE-2025-8028)
Javascript: URLs executed on object and embed tags. (CVE-2025-8029)
Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030)
Incorrect URL stripping in CSP reports. (CVE-2025-8031)
XSLT documents could bypass CSP. (CVE-2025-8032)
Incorrect JavaScript state machine for generators. (CVE-2025-8033)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035)
Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179)
Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)
Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185)
For the armv7hl architecture this package fixes additional vulnerabilities; see the links below:
https://advisories.mageia.org/MGASA-2025-0197.html
https://advisories.mageia.org/MGASA-2025-0168.html
https://advisories.mageia.org/MGASA-2025-0151.html
https://advisories.mageia.org/MGASA-2025-0126.html
https://advisories.mageia.org/MGASA-2025-0093.html
https://advisories.mageia.org/MGASA-2025-0048.html
https://advisories.mageia.org/MGASA-2025-0010.html
https://advisories.mageia.org/MGASA-2024-0395.html
https://advisories.mageia.org/MGASA-2024-0384.html
https://advisories.mageia.org/MGASA-2024-0365.html
https://advisories.mageia.org/MGASA-2024-0350.html
https://advisories.mageia.org/MGASA-2024-0336.html
https://advisories.mageia.org/MGASA-2024-0332.html
References
SRPMS 9/core
  • thunderbird-128.14.0-1.mga9
  • thunderbird-l10n-128.14.0-1.mga9

MGASA-2025-0227 - Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

5 September, 2025 - 19:30
Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025-9185
Description:
JavaScript engine only wrote partial return value to stack. (CVE-2025-8027)
Large branch table could lead to truncated instruction. (CVE-2025-8028)
Javascript: URLs executed on object and embed tags. (CVE-2025-8029)
Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030)
Incorrect URL stripping in CSP reports. (CVE-2025-8031)
XSLT documents could bypass CSP. (CVE-2025-8032)
Incorrect JavaScript state machine for generators. (CVE-2025-8033)
Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034)
Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035)
Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179)
Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180)
Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)
Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185)
References
SRPMS 9/core
  • firefox-128.14.0-1.4.mga9
  • firefox-l10n-128.14.0-1.mga9
  • nss-3.115.1-1.mga9
  • nspr-4.37-1.mga9
  • rootcerts-20250808.00-1.mga9