Actualizaciones de Seguridad

Publication date: 26 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12361 Description FFmpeg NULL Pointer Dereference. (CVE-2024-12361) References

• https://bugs.mageia.org/show_bug.cgi?id=34130
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJNUZFKKYTUNYVVV4IRSNIJAOCMVCKVS/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12361

SRPMS 9/core

• ffmpeg-5.1.6-1.5.mga9

9/tainted

• ffmpeg-5.1.6-1.5.mga9.tainted

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-24912 Description hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) References

• https://bugs.mageia.org/show_bug.cgi?id=34117
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24912

SRPMS 9/core

• hostapd-2.11-1.1.mga9
• wpa_supplicant-2.11-1.1.mga9

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-58088 , CVE-2025-21838 , CVE-2025-21844 , CVE-2025-21846 , CVE-2025-21847 , CVE-2025-21848 , CVE-2025-21853 , CVE-2025-21854 , CVE-2025-21855 , CVE-2025-21856 , CVE-2025-21857 , CVE-2025-21858 , CVE-2025-21859 , CVE-2025-21862 , CVE-2025-21863 , CVE-2025-21864 , CVE-2025-21865 , CVE-2025-21866 Description Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34115
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21854
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21856
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21858
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21859
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21865
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21866

SRPMS 9/core

• kernel-linus-6.6.83-1.mga9

Publication date: 24 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-58088 , CVE-2025-21838 , CVE-2025-21844 , CVE-2025-21846 , CVE-2025-21847 , CVE-2025-21848 , CVE-2025-21853 , CVE-2025-21854 , CVE-2025-21855 , CVE-2025-21856 , CVE-2025-21857 , CVE-2025-21858 , CVE-2025-21859 , CVE-2025-21862 , CVE-2025-21863 , CVE-2025-21864 , CVE-2025-21865 , CVE-2025-21866 Description Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34114
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58088
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21844
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21846
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21847
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21848
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21854
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21855
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21856
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21858
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21859
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21863
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21864
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21865
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21866

SRPMS 9/core

• kernel-6.6.83-1.mga9
• kmod-virtualbox-7.0.24-68.mga9
• kmod-xtables-addons-3.24-74.mga9

Publication date: 22 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-55549 , CVE-2025-24855 Description xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes (CVE-2024-55549). numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal (CVE-2025-24855). References

• https://bugs.mageia.org/show_bug.cgi?id=34113
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZKCQGOW24ZBKSYCIKDUG4KKITEGCJKY2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855

SRPMS 9/core

• libxslt-1.1.38-1.1.mga9

Publication date: 22 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8176 Description Improper restriction of xml entity expansion depth in libexpat. (CVE-2024-8176) References

• https://bugs.mageia.org/show_bug.cgi?id=34111
• https://www.openwall.com/lists/oss-security/2025/03/14/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8176

SRPMS 9/core

• expat-2.7.0-1.mga9

Publication date: 21 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-32661 Description FreeRDP rdp_write_logon_info_v1 NULL access. (CVE-2024-32661) References

• https://bugs.mageia.org/show_bug.cgi?id=34086
• https://ubuntu.com/security/notices/USN-7341-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32661

SRPMS 9/core

• freerdp-2.11.7-1.1.mga9

Publication date: 21 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description An incorrect path caused gforthmi to fail to operate by default on x86_64 and aarch64. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34109

SRPMS 9/core

• gforth-0.7.3-10.1.mga9

Publication date: 19 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29768 Description Vim vulnerable to potential data loss with zip.vim and special crafted zip files. (CVE-2025-29768) References

• https://bugs.mageia.org/show_bug.cgi?id=34097
• https://www.openwall.com/lists/oss-security/2025/03/12/4
• https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29768

SRPMS 9/core

• vim-9.1.1202-1.mga9

Publication date: 19 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-28366 Description The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. References

• https://bugs.mageia.org/show_bug.cgi?id=34116
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28366

SRPMS 9/core

• mosquitto-2.0.21-1.mga9

Publication date: 19 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2004-56337 , CVE-2025-24813 Description Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. (CVE-2004-56337) Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue (CVE-2025-24813). References

• https://bugs.mageia.org/show_bug.cgi?id=34112
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WQRQ6JSFISH4LSDOH7IDJHNYPKMGUF5X/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-56337
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

SRPMS 9/core

• tomcat-9.0.102-1.mga9

Publication date: 19 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1920 , CVE-2025-2135 , CVE-2025-2136 , CVE-2025-2137 Description High CVE-2025-1920: Type Confusion in V8. High CVE-2025-2135: Type Confusion in V8. High CVE-2025-24201: Out of bounds write in GPU on Mac. Medium CVE-2025-2136: Use after free in Inspector. Medium CVE-2025-2137: Out of bounds read in V8. References

• https://bugs.mageia.org/show_bug.cgi?id=34099
• https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1920
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2135
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2136
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2137

SRPMS 9/tainted

• chromium-browser-stable-134.0.6998.88-1.mga9.tainted

Publication date: 18 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1080 Description Macro URL arbitrary script execution. (CVE-2025-1080) References

• https://bugs.mageia.org/show_bug.cgi?id=34068
• https://lists.debian.org/debian-security-announce/2025/msg00035.html
• https://www.libreoffice.org/about-us/security/advisories/cve-2025-1080/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1080

SRPMS 9/core

• libreoffice-24.2.7.2-1.1.mga9

Publication date: 17 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25724 Description list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. (CVE-2025-25724 References

• https://bugs.mageia.org/show_bug.cgi?id=34102
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2VPBSF65DTMKEEGFEJY6QEGJSZY7TSKV/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25724

SRPMS 9/core

• libarchive-3.6.2-5.4.mga9

Publication date: 17 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13176 Description Timing side-channel in ECDSA signature computation. (CVE-2024-13176) References

• https://bugs.mageia.org/show_bug.cgi?id=34106
• https://openssl-library.org/news/secadv/20250120.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176

SRPMS 9/core

• quictls-3.0.15-1.2.mga9

Publication date: 17 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1219 , CVE-2025-1736 , CVE-2025-1861 , CVE-2025-1734 , CVE-2025-1217 Description Bugs and security with streams have been fixed. References

• https://bugs.mageia.org/show_bug.cgi?id=34091
• https://www.php.net/ChangeLog-8.php#8.2.28
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1219
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1736
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1861
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1734
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1217

SRPMS 9/core

• php-8.2.28-1.mga9

Publication date: 17 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description A Python console inside a document does not work. References

• https://bugs.mageia.org/show_bug.cgi?id=34104

SRPMS 9/core

• texmacs-2.1.2-1.1.mga9

Publication date: 17 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.14 of branch 2.8. Fixed major bug list: - quic: reject too large CRYPTO frames - quic: fix wrong packet building due to already acked frames Fixed medium bug list: - checks: make sure to always apply offsets to now_ms in expiration - debug: don't set the STUCK flag from debug_handler() - debug: on panic, make the target thread automatically allocate its buf - event_hdl: fix uninitialized value in async mode when no data is provided - h3: Increase max number of headers when sending headers - h3: Properly limit the number of headers received - http-ana: Don't release too early the L7 buffer - http-ana: Reset request flag about data sent to perform a L7 retry - mailers: make sure to always apply offsets to now_ms in expiration - mux-h1: Fix how timeouts are applied on H1 connections - mux-h1/mux-h2: Reject upgrades with payload on H2 side only - mux-h1: Properly close H1C if an error is reported before sending data - mux-h2: Check the number of headers in HEADERS frame after decoding - mux-h2: Don't send RST_STREAM frame for streams with no ID - mux-h2: Increase max number of headers when encoding HEADERS frames - pattern: prevent uninitialized reads in pat_match_{str,beg} - pools/memprofile: always clean stale pool info on pool_destroy() - queue: always dequeue the backend when redistributing the last server - queue: Make process_srv_queue return the number of streams - queue: make sure never to queue when there's no more served conns - queues: Do not use pendconn_grab_from_px(). - queues: Make sure we call process_srv_queue() when leaving - quic: handle retransmit for standalone FIN STREAM - quic: prevent crash due to CRYPTO parsing error - quic: support wait-for-handshake - resolvers: Insert a non-executed resulution in front of the wait list - sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set - stconn: Don't forward shut for SC in connecting state - stconn: Only consider I/O timers to update stream's expiration date - stconn: Really report blocked send if sends are blocked by an error - stktable: fix missing lock on some table converters - stream: make stream_shutdown() async-safe References

• https://bugs.mageia.org/show_bug.cgi?id=34105
• https://www.haproxy.org/download/2.8/src/CHANGELOG

SRPMS 9/core

• haproxy-2.8.14-1.mga9

Publication date: 16 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27363 Description An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files which may result in arbitrary code execution. References

• https://bugs.mageia.org/show_bug.cgi?id=34095
• https://www.openwall.com/lists/oss-security/2025/03/13/1
• https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363

SRPMS 9/core

• freetype2-2.13.0-1.2.mga9

9/tainted

• freetype2-2.13.0-1.2.mga9.tainted

Publication date: 16 Mar 2025
Type: bugfix
Affected Mageia releases : 9
Description xfce4-weather-plugin only shows "no data" due to an API access mismatch. References

• https://bugs.mageia.org/show_bug.cgi?id=34094

SRPMS 9/core

• xfce4-weather-plugin-0.11.3-1.mga9