Mageia Security

Feed
Mageia Advisories
Updated: 7 hours 38 minutes ago

MGAA-2025-0059 - Updated libvirt packages fix bug

13 June 2025 - 20:19
Publication date: 13 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description: The libvirtd, virtlockd and virtlogd services fail after start due to bad key naming in their service files. This update fixes the issue and brings other fixes and enhancements made upstream since our current version. Please note that we have disabled the nbdkit backend.
References
SRPMS
9/core
  • libvirt-9.10.0-1.mga9

MGASA-2025-0186 - Updated mariadb packages fix security vulnerabilities

11 June 2025 - 18:43
Publication date: 11 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-52969, CVE-2023-52970, CVE-2023-52971, CVE-2025-30693, CVE-2025-30722
Description: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where - CVE-2023-52970. MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan - CVE-2023-52971. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows a high-privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) - CVE-2025-30693. Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) - CVE-2025-30722.
References
SRPMS
9/core
  • mariadb-11.4.7-1.mga9

MGAA-2025-0058 - Updated noip packages fix bug

10 June 2025 - 05:10
Publication date: 10 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description: The current version is no longer supported and does not update the IP address for your domain at no-ip.com. This update fixes the issue.
References
SRPMS
9/core
  • noip-3.3.0-1.2.mga9

MGASA-2025-0184 - Updated golang packages fix security vulnerabilities

9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4673, CVE-2025-0913, CVE-2025-22874
Description: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information - CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows. os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with the O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location - CVE-2025-0913. crypto/x509: usage of ExtKeyUsageAny disables policy validation. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon - CVE-2025-22874. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
References
SRPMS
9/core
  • golang-1.24.4-1.mga9

MGASA-2025-0183 - Updated kernel-linus packages fix security vulnerabilities

9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-37797, CVE-2025-37799, CVE-2025-37800, CVE-2025-37801, CVE-2025-37803, CVE-2025-37804, CVE-2025-37805, CVE-2025-37808, CVE-2025-37810, CVE-2025-37811, CVE-2025-37812, CVE-2025-37813, CVE-2025-37815, CVE-2025-37817, CVE-2025-37818, CVE-2025-37819, CVE-2025-37820, CVE-2025-37823, CVE-2025-37824, CVE-2025-37828, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831, CVE-2025-37836, CVE-2025-37878, CVE-2025-37879, CVE-2025-37881, CVE-2025-37883, CVE-2025-37884, CVE-2025-37885, CVE-2025-37886, CVE-2025-37887, CVE-2025-37890, CVE-2025-37891, CVE-2025-37897, CVE-2025-37901, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917, CVE-2025-37918, CVE-2025-37921, CVE-2025-37922, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37933, CVE-2025-37935, CVE-2025-37936, CVE-2025-37938, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37952, CVE-2025-37953, CVE-2025-37954, CVE-2025-37956, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37973, CVE-2025-37983, CVE-2025-37985, CVE-2025-37988, CVE-2025-37989, CVE-2025-37990, CVE-2025-37991, CVE-2025-37992
Description: Vanilla upstream kernel version 6.6.93 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
References
SRPMS
9/core
  • kernel-linus-6.6.93-1.mga9

MGASA-2025-0182 - Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities

9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-37797, CVE-2025-37799, CVE-2025-37800, CVE-2025-37801, CVE-2025-37803, CVE-2025-37804, CVE-2025-37805, CVE-2025-37808, CVE-2025-37810, CVE-2025-37811, CVE-2025-37812, CVE-2025-37813, CVE-2025-37815, CVE-2025-37817, CVE-2025-37818, CVE-2025-37819, CVE-2025-37820, CVE-2025-37823, CVE-2025-37824, CVE-2025-37828, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831, CVE-2025-37836, CVE-2025-37878, CVE-2025-37879, CVE-2025-37881, CVE-2025-37883, CVE-2025-37884, CVE-2025-37885, CVE-2025-37886, CVE-2025-37887, CVE-2025-37890, CVE-2025-37891, CVE-2025-37897, CVE-2025-37901, CVE-2025-37903, CVE-2025-37905, CVE-2025-37909, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913, CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917, CVE-2025-37918, CVE-2025-37921, CVE-2025-37922, CVE-2025-37923, CVE-2025-37924, CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37932, CVE-2025-37933, CVE-2025-37935, CVE-2025-37936, CVE-2025-37938, CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37951, CVE-2025-37952, CVE-2025-37953, CVE-2025-37954, CVE-2025-37956, CVE-2025-37959, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963, CVE-2025-37964, CVE-2025-37969, CVE-2025-37970, CVE-2025-37972, CVE-2025-37973, CVE-2025-37983, CVE-2025-37985, CVE-2025-37988, CVE-2025-37989, CVE-2025-37990, CVE-2025-37991, CVE-2025-37992
Description: Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb and firmware packages have been updated to work with this new kernel; some updated build-time requirements are included to allow building this kernel version. For information about the vulnerabilities see the links.
References
SRPMS
9/core
  • kernel-6.6.93-1.mga9
  • kmod-virtualbox-7.1.8-3.mga9
  • kmod-xtables-addons-3.24-80.mga9
  • dwarves-1.30-1.mga9
  • libtraceevent-1.8.4-1.mga9
  • libtracefs-1.8.2-1.mga9
  • kernel-firmware-20250509-1.mga9
  • wireless-regdb-20250220-1.mga9
9/nonfree
  • kernel-firmware-nonfree-20250509-1.mga9.nonfree
  • radeon-firmware-20250509-1.mga9.nonfree

MGASA-2025-0181 - Updated cockpit packages fix security vulnerability & bug

9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-6126
Description: Mageia internal bug: in the current version you can't log in to the web interface with the firefox or chromium-browser packages shipped by Mageia. This update fixes the issue, but it is reported that you may need to reboot and clear cookies in your browser. A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling pam_env's user_readenv option, which leads to a denial of service (DoS) attack - CVE-2024-6126. Please note that you need to edit /etc/nsswitch.conf as recommended in https://bugs.mageia.org/show_bug.cgi?id=33368#c18.
References
SRPMS
9/core
  • cockpit-338-1.6.mga9

MGAA-2025-0057 - Updated bluez packages fix bug

9 June 2025 - 19:14
Publication date: 09 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description: Since the update of bluez to 5.80, devices such as mice and keyboards do not reconnect after suspend or reboot. Only re-pairing them makes them work again.
References
SRPMS
9/core
  • bluez-5.82-1.mga9

MGASA-2025-0179 - Updated php-adodb packages fix security vulnerability

8 June 2025 - 07:22
Publication date: 08 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-46337
Description: ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9 - CVE-2025-46337.
References
SRPMS
9/core
  • php-adodb-5.22.9-1.mga9

MGASA-2025-0178 - Updated systemd packages fix security vulnerability

8 June 2025 - 07:22
Publication date: 08 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4598
Description: systemd-coredump: a race condition allows a local attacker to crash a suid program and gain read access to the resulting core dump. (CVE-2025-4598)
References
SRPMS
9/core
  • systemd-253.33-1.mga9

MGASA-2025-0177 - Updated tomcat packages fix security vulnerability

8 June 2025 - 07:22
Publication date: 08 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-46701
Description: Security constraint bypass for CGI scripts. (CVE-2025-46701)
References
SRPMS
9/core
  • tomcat-9.0.105-1.mga9

MGASA-2025-0176 - Updated cifs-utils packages fix security vulnerability

5 June 2025 - 17:26
Publication date: 05 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-2312
Description: cifs.upcall makes an upcall to the wrong namespace in containerized environments. (CVE-2025-2312)
References
SRPMS
9/core
  • cifs-utils-7.0-1.1.mga9

MGASA-2025-0175 - Updated golang packages fix security vulnerabilities

2 June 2025 - 18:55
Publication date: 02 Jun 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-22870, CVE-2025-22871
Description: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied - CVE-2025-22870. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext - CVE-2025-22871.
References
SRPMS
9/core
  • golang-1.23.8-1.mga9

MGAA-2025-0056 - Updated mesa packages fix bug

2 June 2025 - 18:55
Publication date: 02 Jun 2025
Type: bugfix
Affected Mageia releases: 9
Description: mesa-25.0.5-1 introduced a bug that makes Extreme Tuxracer crash on some hardware. This update fixes the reported issue.
References
SRPMS
9/core
  • mesa-25.0.6-5.mga9
  • rust-cbindgen-0.26.0-0.1.mga9
9/tainted
  • mesa-25.0.6-5.mga9.tainted

MGASA-2025-0174 - Updated deluge packages fix security vulnerabilities & bug

31 May 2025 - 17:20
Publication date: 31 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-46561, CVE-2025-46562, CVE-2025-46563, CVE-2025-46564
Description: Limited unauthenticated file read in /flag. (CVE-2025-46561) New version check over an unencrypted channel. (CVE-2025-46562) SSRF with information leak and limited unauthenticated file write. (CVE-2025-46563) Unauthenticated file read in /js may lead to RCE. (CVE-2025-46564) Mageia internal bug: deluge-daemon.service was not working; the update fixes this issue.
References
SRPMS
9/core
  • deluge-2.2.0-1.5.mga9

MGASA-2025-0173 - Updated glib2.0 packages fix security vulnerability

31 May 2025 - 04:36
Publication date: 31 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4373
Description: Buffer underflow in GLib's glib/gstring.c via the function g_string_insert_unichar. (CVE-2025-4373)
References
SRPMS
9/core
  • glib2.0-2.76.3-1.4.mga9

MGASA-2025-0172 - Updated coreutils packages fix security vulnerability

31 May 2025 - 04:36
Publication date: 31 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-5278
Description: Heap buffer under-read in GNU coreutils sort via key specification. (CVE-2025-5278)
References
SRPMS
9/core
  • coreutils-9.1-1.1.mga9

MGASA-2025-0171 - Updated redis packages fix security vulnerability

31 May 2025 - 04:36
Publication date: 31 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-21605
Description: Redis DoS vulnerability due to unlimited growth of output buffers abused by an unauthenticated client. (CVE-2025-21605)
References
SRPMS
9/core
  • redis-7.0.14-1.3.mga9

MGASA-2025-0170 - Updated ghostscript packages fix security vulnerabilities

28 May 2025 - 20:45
Publication date: 28 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-48708
Description: gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708)
References
SRPMS
9/core
  • ghostscript-10.05.1-1.mga9