Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
Stay Vigilant with Timely Linux Security Advisories LinuxSecurity.com is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the commu
- Mageia 9: MGASA-2025-0219 Kernel Important Remote Access Issueon August 11, 2025 at 10:04 pm
Upstream kernel version 6.6.101 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons & wireless-regdb packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
- Mageia 9: Kernel-Linus Critical Security Issues 2025-0218on August 11, 2025 at 10:04 pm
Vanilla upstream kernel version 6.6.101 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References: – https://bugs.mageia.org/show_bug.cgi?id=34530
- Mageia: wxgtk Critical App Crash Due to Connection Issues CVE-2024-58249on August 2, 2025 at 9:16 pm
In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. References: – https://bugs.mageia.org/show_bug.cgi?id=34447
- Mageia 9: glib2.0 Important Memory Overflow Issue CVE-2025-6052on August 2, 2025 at 4:54 am
A flaw was found in how GLibâs GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesnât. As a result, data may be written past the end of the allocated memory, leading to crashes
- Mageia 9: Slurm Important Fix for Account Escalation CVE-2025-43904on July 31, 2025 at 5:27 pm
Updated slurm packages to fix a vulnerability in the Slurmâs accounting system that would have allowed a Coordinator to promote a user to Administrator (CVE-2025-43904). References:
- Mageia: Poppler Important Use-After-Free Issue MGASA-2025-0214on July 25, 2025 at 9:49 pm
poppler uses std::atomic_int for reference counting. Because it is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. References:
- Mageia 9: Sudo Important Vulnerability Update ID MGASA-2025-0213on July 25, 2025 at 9:49 pm
CVE-2025-32462 – Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 – Sudo before 1.9.17p1 allows local users to obtain root access because “/etc/nsswitch.conf” from a user-controlled directory is
- Mageia 9: QtBase6 & QtBase5 Critical DoS CVE-2025-5455 Advisory 2025-0212on July 22, 2025 at 4:34 pm
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a “charset” parameter that lacked a value (such as “data:charset,”), and Qt was built with
- Mageia: Significant Security Patch Released for Redis MGASA-2025-0211on July 19, 2025 at 5:56 pm
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without
