Mageia Security

Feed
Mageia Advisories
Updated: hace 20 horas 7 minutos

MGAA-2025-0023 - Updated gnome-boxes packages fix bug

28 Febrero, 2025 - 19:35
Publication date: 28 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description gnome-boxes can't redirect usb ports to guest systems, this is due missing requiriment on spice-gtk. This update fixes the issue. References SRPMS 9/core
  • gnome-boxes-44.2-1.1.mga9

MGASA-2025-0083 - Updated radare2 packages fix security vulnerabilities

28 Febrero, 2025 - 08:28
Publication date: 28 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1378 Description A vulnerability, which was classified as problematic, was found in radare2. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. References SRPMS 9/core
  • radare2-5.8.8-1.5.mga9

MGASA-2025-0082 - Updated libcap packages fix security vulnerability

26 Febrero, 2025 - 21:10
Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1390 Description pam_cap: Fix potential configuration parsing error. (CVE-2025-1390) References SRPMS 9/core
  • libcap-2.52-5.1.mga9

MGASA-2025-0081 - Updated proftpd packages fix security vulnerability

26 Febrero, 2025 - 21:10
Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-57392 Description A buffer overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a denial of service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. (CVE-2024-57392) References SRPMS 9/core
  • proftpd-1.3.8c-1.1.mga9

MGASA-2025-0079 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

26 Febrero, 2025 - 07:28

MGASA-2025-0077 - Updated iniparser packages fix security vulnerability

26 Febrero, 2025 - 07:28
Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0633 Description A heap-based buffer overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows an attacker to read out-of-bounds memory. (CVE-2025-0633) References SRPMS 9/core
  • iniparser-4.1-4.1.mga9

MGASA-2025-0076 - Updated dcmtk packages fix security vulnerabilities

25 Febrero, 2025 - 22:40
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25472 , CVE-2025-25474 , CVE-2025-25475 Description A buffer overflow in DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DCM file (CVE-2025-25472). DCMTK was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h (CVE-2025-25474). A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file (CVE-2025-25475). References SRPMS 9/core
  • dcmtk-3.6.7-4.4.mga9

MGAA-2025-0022 - Updated autohint-onoff, enki, pyzo & meteo-qt packages fix bug

25 Febrero, 2025 - 22:40
Publication date: 25 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description These packages have a bogus requirement on python3-sip; trying to install these packages will cause conflicts if you have applications that require python3-sip6. This update fixes the issue. References SRPMS 9/core
  • autohint-onoff-2.0-1.1.mga9
  • enki-22.08.0-1.1.mga9
  • pyzo-4.12.0-2.1.mga9
  • meteo-qt-3.3-2.1.mga9

MGASA-2025-0075 - Updated emacs packages fix a security vulnerability

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1244 Description A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. References SRPMS 9/core
  • emacs-29.4-1.3.mga9

MGASA-2025-0074 - Updated vim packages fix security vulnerability

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26603 Description A heap use-after-free was found in str_to_reg() in Vim < 9.1.1115. (CVE-2025-26603) References SRPMS 9/core
  • vim-9.1.1122-1.mga9

MGASA-2025-0073 - Updated libxml2 packages fix security vulnerabilities

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56171 , CVE-2025-24928 , CVE-2025-27113 Description The updated packages fix security vulnerabilities: Use-after-free in xmlSchemaIDCFillNodeTables. (CVE-2024-56171) Stack-buffer-overflow in xmlSnprintfElements. (CVE-2025-24928) Null-deref in xmlPatMatch. (CVE-2025-27113) References SRPMS 9/core
  • libxml2-2.10.4-1.6.mga9

MGASA-2025-0072 - Updated krb5 packages fix security vulnerability

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-24528 Description Overflow when calculating ulog block size. (CVE-2025-24528) References SRPMS 9/core
  • krb5-1.20.1-1.4.mga9

MGASA-2025-0071 - Updated gnutls packages fix security vulnerability

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12243 Description Gnutls impacted by inefficient DER decoding in libtasn1 leading to remote DoS. (CVE-2024-12243) References SRPMS 9/core
  • gnutls-3.8.4-1.1.mga9

MGAA-2025-0021 - Updated gtk+3.0 & lxpanel packages fix bug

25 Febrero, 2025 - 17:58
Publication date: 25 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix a bug in GTK3 tooltips. References SRPMS 9/core
  • gtk+3.0-3.24.38-1.2.mga9
  • lxpanel-0.11.0-0.git20250215.1.mga9