6009 matches found
Updated glibc packages fix vulnerability
Double-free after allocation failure in regcomp. CVE-2025-8058...
Updated golang packages fix vulnerabilities
LookPath may return unexpected paths, CVE-2025-47906. incorrect results returned from Rows.Scan, CVE-2025-47907. These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.101 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated kernel, kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages fix security vulnerabilities
Upstream kernel version 6.6.101 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages have been updated to work with this new kernel. For information about the vulnerabilities see the links...
Updated wxgtk packages fix security vulnerability
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL...
Updated glib2.0 packages fix security vulnerability
A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...
Updated slurm packages fix security vulnerability
Updated slurm packages to fix a vulnerability in the Slurm’s accounting system that would have allowed a Coordinator to promote a user to Administrator CVE-2025-43904...
Updated poppler packages fix security vulnerabilities
poppler uses std::atomicint for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free...
Updated sudo packages fix security vulnerabilities
CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because...
Updated qtbase6 & qtbase5 packages fix security vulnerability
An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value such as...
Updated quictls packages with minor bug fixes
Miscellaneous minor bug fixes...
Updated djvulibre packages fix security vulnerability
An out-of-bounds write in the MMRDecoder::scanruns method was fixed. The vulnerability could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted document...
Updated redis packages fix security vulnerabilities
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...
Updated qtimageformats6 packages fix security vulnerabilities
Loading a specifically-crafted ICNS format image file in QImage will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0...
Updated dpkg packages fix security vulnerabilities
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...
Updated gnupg2 packages fix security vulnerabilities
Key validity not computed when key is certified by a trusted "certify-only" key regression due to patch for CVE-2025-30258...
Updated golang packages fix security vulnerabilities
Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools such as directly cloning Git or Mercurial repositories can cause the toolchain to execute unexpected commands, if said...
Updated firefox packages fix security vulnerabilities
Suggested Advisory The last packaged version for armv7hl was 115.13.0, so from the point of view of the armv7hl architecture, this is a Security Advisory and fixes a lot of CVEs; see the linked Security Advisories below. https://advisories.mageia.org/MGASA-2024-0325.html...
Updated php packages fix security vulnerabilities
PGSQL: Fixed GHSA-hrwm-9436-5mv3 pgsql extension does not check for errors during escaping. CVE-2025-1735 SOAP: Fixed GHSA-453j-q27h-5p8x NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix. CVE-2025-6491 Standard: Fixed GHSA-3cr5-j632-f35r Null byte termination in...
Updated catdoc packages fix security vulnerabilities
A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in the xls2csv utility version 0.95. CVE-2024-48877 An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. CVE-2024-52035 An integer...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private...
Updated libarchive packages fix security vulnerabilities
Double free at archivereadformatrarseekdata in archivereadsupportformatrar.c. CVE-2025-5914 Heap buffer over read in copyfromlzsswindow at archivereadsupportformatrar.c. CVE-2025-5915 Integer overflow while reading warc files at archivereadsupportformatwarc.c. CVE-2025-5916 Off by one error in...
Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
Out-of-bounds access in X Rendering extension Animated cursors. CVE-2025-49175 Integer overflow in Big Requests Extension. CVE-2025-49176 Data leak in XFIXES Extension 6 XFixesSetClientDisconnectMode. CVE-2025-49177 Unprocessed client request via bytes to ignore. CVE-2025-49178 Integer overflow i...
Updated gdk-pixbuf2.0 packages fix security vulnerability
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure...
Updated thunderbird packages fix security vulnerabilities
CVE-2025-5262: A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated fr...
Updated chromium-browser-stable packages fix security vulnerabilities
Integer overflow in V8. CVE-2025-6191 Use after free in Profiler. CVE-2025-6192...
Updated nss & firefox packages fix security vulnerabilities
CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this...
Updated tomcat packages fix security vulnerabilities
FileUpload large number of parts with headers DoS. CVE-2025-48988 Security constraint bypass for pre/post-resources. CVE-2025-49125...
Updated apache-mod_security packages fix security vulnerabilities
ModSecurity Has Possible DoS Vulnerability. CVE-2025-47947 ModSecurity has possible DoS vulnerability in sanitiseArg action. CVE-2025-48866...
Updated clamav packages fix security vulnerability
Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service DoS condition or enable remote code execution. CVE-2025-20260...
Updated python-django packages fix security vulnerability
Potential log injection via unescaped request path. CVE-2025-48432...
Updated yarnpkg packages fix security vulnerabilities
CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in...
Updated docker packages fix security vulnerability
External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...
Updated udisks2 & libblockdev packages fix security vulnerabilities
A Local Privilege Escalation LPE vulnerability was found in libblockdev. Generally, the "allowactive" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allowactive" user on a syst...
Updated chromium-browser-stable packages fix security vulnerabilities
CVE-2025-5063: Use after free in Compositing. CVE-2025-5280: Out of bounds write in V8. CVE-2025-5064: Inappropriate implementation in Background Fetch API. CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. CVE-2025-5066: Inappropriate implementation in Messages. CVE-2025-5281:...
Updated roundcubemail packages fix security vulnerability
A Post-Auth RCE was announced and fixed in the latest release...
Updated mariadb packages fix security vulnerabilities
MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be related to makeaggrtablesinfo and optimizestage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through...
Updated golang packages fix security vulnerabilities
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...
Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.93 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities
Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb & firmware packages have been updated to work with this new kernel; some updated build time requirement are here to allow building this kernel version. For information about the...
Updated cockpit packages fix security vulnerability & bug
Mageia's internal bug: In the current version you can't login in the web interface with firefox or chromium-browser packaged by Mageia. This update fixes the issue, but it is reported that could need to reboot and clear cookies from your browser. A flaw was found in the cockpit package. This flaw...
Updated php-adodb packages fix security vulnerability
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
Updated systemd packages fix security vulnerability
Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump. CVE-2025-4598...
Updated tomcat packages fix security vulnerability
Security constraint bypass for CGI scripts. CVE-2025-46701...
Updated cifs-utils packages fix security vulnerability
cifs.upcall makes an upcall to the wrong namespace in containerized environments. CVE-2025-2312...
Updated golang packages fix security vulnerabilities
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied - CVE-2025-22870. The net/http package...
Updated deluge packages fix security vulnerabilities & bug
Limited unauthenticated file read in /flag. CVE-2025-46561 New version check over unencrypted channel. CVE-2025-46562 SSRF with information leak and limited unauthenticated file write. CVE-2025-46563 Unauthenticated file read in /js may lead to RCE. CVE-2025-46564 Mageia internal bug:...
Updated redis packages fix security vulnerability
Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client. CVE-2025-21605...
Updated glib2.0 packages fix security vulnerability
Buffer underflow on glib through glib/gstring.c via function gstringinsertunichar. CVE-2025-4373...
Updated coreutils packages fix security vulnerability
Heap buffer under-read in gnu coreutils sort via key specification. CVE-2025-5278...