Mageia Security
MGASA-2025-0001 - Updated ruby packages fix security vulnerabilities
Publication date: 04 Jan 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-35176, CVE-2024-39908, CVE-2024-41123, CVE-2024-41946, CVE-2024-43398, CVE-2024-49761
Description
The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. (CVE-2024-35176)
The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. (CVE-2024-39908)
The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. (CVE-2024-41123)
The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. (CVE-2024-41946)
The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. (CVE-2024-43398)
The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). (CVE-2024-49761)
References
- https://bugs.mageia.org/show_bug.cgi?id=33576
- https://www.ruby-lang.org/en/news/2024/05/16/dos-rexml-cve-2024-35176/
- https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/
- https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123/
- https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946/
- https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQWXWS2GDTKX4LYWHQOZ2PWXDEICDX2W/
- https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/
- https://ubuntu.com/security/notices/USN-7091-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39908
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43398
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49761
- ruby-3.1.5-46.mga9
Categories: Security Updates
MGAA-2025-0002 - Updated nvidia-newfeature packages fix bugs
Publication date: 04 Jan 2025
Type: bugfix
Affected Mageia releases: 9
Description
- Fixed a bug in i2c handling that caused the OpenRGB Application to set incorrect LED colors on some NVIDIA GPUs. https://github.com/NVIDIA/open-gpu-kernel-modules/issues/41
- Changed the fallback preference from 10 BPC YUV422 to 8 BPC RGB + dithering when enabling HDR scanout with limited display bandwidth.
- Fixed a bug that could cause the nvidia-settings control panel to crash when using X11 forwarding on some systems.
- Added a new application profile key, "GLVidHeapReuseRatio", to control the amount of memory OpenGL may hold for later reuse, as well as some application profiles for several Wayland compositors using the new key to work around issues with excessive video memory usage.
- Fixed a bug that could lead to crashes when a Vulkan application waits on a VkFence created by importing a DRM syncobj. This solves some crashes observed with Unreal Engine and other applications on Wayland.
- Fixed a bug that could cause KDE Plasma 6 to crash when running as a Wayland compositor.
- Fixed a bug that would cause the driver stack to fail to load the correct state of a Quadro Sync board when GSP is enabled. This would lead to inaccuracies in reporting framelock state when using house sync or stereo signals.
- Updated the kernel module build process to use CONFIG_CC_VERSION_TEXT from the Linux kernel's Kconfig to detect the compiler used to build the kernel. This may help select the correct compiler on systems where the kernel was built with a compiler other than the default one.
- Fixed a bug that prevented kernel modules linked using precompiled kernel interface files from loading on recent Debian systems.
- Improved the ability of nvidia-modprobe to detect whether kernel modules are already loaded. This corrects an issue that prevented nvidia-persistenced from setting persistence mode on some systems.
Please note that, starting from this release, the following package is also provided: dkms-nvidia-newfeature-open-565.77-1.mga9.nonfree
This is an "alternative" package to 'dkms-nvidia-newfeature' which uses open source kernel modules instead of the closed source ones.
Note that only NVIDIA cards of the Turing arch and beyond are supported by dkms-nvidia-newfeature-open. Older NVIDIA cards, e.g. those in the Maxwell or Pascal arch, are supported only by the standard dkms-nvidia-newfeature. So, for instance, the Quadro K620 is in the Maxwell arch and is not supported by the -open variant. The GTX 1080 is in the Pascal arch and is not supported. The RTX 2070 and GTX 1660 are in the Turing arch and are supported. The Quadro RTX A6000 is in the Ampere arch and is supported, etc.
Note also that the dkms-nvidia-newfeature-open package is not installed automatically by the drakx11 utils, but can be installed manually (in that case the cards must already be configured by the utils). So it is only for the brave who have at least minimal competence with manual package installation.
References
SRPMS 9/nonfree
- nvidia-newfeature-565.77-5.mga9.nonfree
- cuda-z-0.11.291-9.mga9.nonfree
MGAA-2025-0001 - Updated nvidia-current, nvidia470, meta-task, mageia-repos & ldetect-lst packages fix bugs
Publication date: 04 Jan 2025
Type: bugfix
Affected Mageia releases: 9
Description
Minor bug fixes and improvements.
Note that starting from this version, dkms-nvidia-current-open-550.142-1.mga9.nonfree is provided as the alternative open-sourced NVIDIA kernel module (this package is not automatically retrieved from drakx11).
Note that while the nvidia-current package works for cards of series GTX 745 and beyond, these modules, as we have already seen for nvidia-newfeature, work only for cards of series Turing and beyond.
References
SRPMS 9/core
- meta-task-9-3.mga9
- mageia-repos-9-3.mga9
- ldetect-lst-0.6.59-1.mga9
- nvidia-current-550.142-3.mga9.nonfree
- nvidia470-470.256.02-3.mga9.nonfree
MGAA-2024-0241 - Updated openssh packages fix bug
Publication date: 30 Dec 2024
Type: bugfix
Affected Mageia releases: 9
Description
ssh crashed with a segfault when using a dss key. This update fixes the issue.
References
SRPMS 9/core
- openssh-9.3p1-2.3.mga9
MGAA-2024-0240 - Updated php packages fix bugs
Publication date: 29 Dec 2024
Type: bugfix
Affected Mageia releases: 9
Description
Updated PHP package fixes many segfaults, memory leaks and overflows.
References
SRPMS 9/core
- php-8.2.27-1.mga9
MGASA-2024-0397 - Updated emacs packages fix security vulnerability
Publication date: 24 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-53920
Description
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code). (CVE-2024-53920)
References
- https://bugs.mageia.org/show_bug.cgi?id=33867
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/P4KYDPPUCZHJVNAEXLQAF43YKVZPVWFH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53920
- emacs-29.4-1.2.mga9
MGASA-2024-0396 - Updated mozjs78 packages fix security vulnerability
Publication date: 21 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50602
Description
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. (CVE-2024-50602)
References
- https://bugs.mageia.org/show_bug.cgi?id=33864
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/X3V7QAWJ6AWA3YEKX4DEGJFLTQ6ASRC3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
- mozjs78-78.15.0-7.2.mga9
MGASA-2024-0395 - Updated thunderbird packages fix security vulnerability
Publication date: 21 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50336
Description
Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. (CVE-2024-50336)
References
- https://bugs.mageia.org/show_bug.cgi?id=33852
- https://www.thunderbird.net/en-US/thunderbird/128.5.2esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50336
- thunderbird-128.5.2-1.mga9
- thunderbird-l10n-128.5.2-1.mga9
MGASA-2024-0394 - Updated tomcat packages fix security vulnerabilities
Publication date: 21 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-50379, CVE-2024-54677
Description
RCE due to TOCTOU issue in JSP compilation. (CVE-2024-50379)
DoS in examples web application. (CVE-2024-54677)
References
- https://bugs.mageia.org/show_bug.cgi?id=33863
- https://www.openwall.com/lists/oss-security/2024/12/17/4
- https://www.openwall.com/lists/oss-security/2024/12/17/5
- https://www.openwall.com/lists/oss-security/2024/12/17/6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50379
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54677
- tomcat-9.0.98-1.mga9
MGAA-2024-0239 - Updated wireless-regdb packages fix bug
Publication date: 21 Dec 2024
Type: bugfix
Affected Mageia releases: 9
Description
- Update regulatory info for Oman (OM)
- Better support for generating public certificates
References
- https://bugs.mageia.org/show_bug.cgi?id=33809
- https://git.kernel.org/pub/scm/linux/kernel/git/wens/wireless-regdb.git
- wireless-regdb-20241007-1.mga9
MGAA-2024-0238 - Updated guayadeque packages fix bugs
Publication date: 21 Dec 2024
Type: bugfix
Affected Mageia releases: 9
Description
This version corrects some bugs, improves the GUI, and corrects some errors in messages (in English) and in message translations (in Catalan, French, German, Greek, Italian and Spanish, which were filled with misinterpretations).
References
- https://bugs.mageia.org/show_bug.cgi?id=33854
- https://github.com/thothix/guayadeque/releases/tag/v0.6.2
- https://github.com/thothix/guayadeque/releases/tag/v0.6.1
- https://github.com/thothix/guayadeque/releases/tag/v0.6.0
- guayadeque-0.6.2-1.mga9
MGASA-2024-0393 - Updated kernel-linus packages fix security vulnerabilities
Publication date: 18 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-53079, CVE-2024-53091, CVE-2024-53093, CVE-2024-53094, CVE-2024-53095, CVE-2024-53097, CVE-2024-53099, CVE-2024-53100, CVE-2024-53101, CVE-2024-53102, CVE-2024-53106, CVE-2024-53108, CVE-2024-53109, CVE-2024-53110, CVE-2024-53112, CVE-2024-53113, CVE-2024-53119, CVE-2024-53120, CVE-2024-53121, CVE-2024-53122, CVE-2024-53123, CVE-2024-53126, CVE-2024-53127, CVE-2024-53129, CVE-2024-53130, CVE-2024-53131, CVE-2024-53134, CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53139, CVE-2024-53140
Description
Vanilla upstream kernel version 6.6.65 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References
- https://bugs.mageia.org/show_bug.cgi?id=33846
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.62
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.63
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.65
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53101
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53109
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53123
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53140
- kernel-linus-6.6.65-1.mga9
MGASA-2024-0392 - Updated kernel, kmod-xtables-addons, kmod-virtualbox & dwarves packages fix security vulnerabilities
Publication date: 18 Dec 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-53079, CVE-2024-53091, CVE-2024-53093, CVE-2024-53094, CVE-2024-53095, CVE-2024-53097, CVE-2024-53099, CVE-2024-53100, CVE-2024-53101, CVE-2024-53102, CVE-2024-53106, CVE-2024-53108, CVE-2024-53109, CVE-2024-53110, CVE-2024-53112, CVE-2024-53113, CVE-2024-53119, CVE-2024-53120, CVE-2024-53121, CVE-2024-53122, CVE-2024-53123, CVE-2024-53126, CVE-2024-53127, CVE-2024-53129, CVE-2024-53130, CVE-2024-53131, CVE-2024-53134, CVE-2024-53135, CVE-2024-53136, CVE-2024-53138, CVE-2024-53139, CVE-2024-53140
Description
Upstream kernel version 6.6.65 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
References
- https://bugs.mageia.org/show_bug.cgi?id=33845
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.62
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.63
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.65
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53091
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53101
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53109
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53119
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53123
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53140
- kernel-6.6.65-2.mga9
- kmod-xtables-addons-3.24-69.mga9
- kmod-virtualbox-7.0.20-61.mga9
- dwarves-1.28-1.mga9