Mageia Linux Security is the community’s central source for information on Linux and open source security. We follow the open source trends as they affect the community. We produce content that appeals to administrators, developers, home users, and security professionals.
- Mageia 9: MGASA-2025-0198 important: gdk-pixbuf memory disclosure on June 27, 2025 at 5:44 am
It was discovered that incorrect bounds validation in the GIF decoder of the GDK Pixbuf library may result in memory disclosure. References: – https://bugs.mageia.org/show_bug.cgi?id=34388
- Mageia 9: MGASA-2025-0197 critical: thunderbird memory corruption on June 27, 2025 at 2:12 am
CVE-2025-5262: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly
- Mageia 9: Critical Flaw 2025-0196 in chromium-browser Causes Security Risks on June 25, 2025 at 10:08 pm
Integer overflow in V8. (CVE-2025-6191) Use after free in Profiler. (CVE-2025-6192) References: – https://bugs.mageia.org/show_bug.cgi?id=34386
- Mageia 9: 2025-0195 critical: firefox & nss memory issues on June 25, 2025 at 3:15 pm
CVE-2025-5283: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly
- Mageia 9: MGASA-2025-0194 important: yarnpkg denial of service on June 25, 2025 at 5:32 am
CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic’s EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via
- Mageia 9: 2025-0193 critical: python-django log injection issue on June 25, 2025 at 5:32 am
Potential log injection via unescaped request path. (CVE-2025-48432) References: – https://bugs.mageia.org/show_bug.cgi?id=34348 – https://www.openwall.com/lists/oss-security/2025/06/04/5
- Mageia 9 – 2025-0192 important: apache-mod_security DoS on June 25, 2025 at 5:32 am
ModSecurity Has Possible DoS Vulnerability. (CVE-2025-47947) ModSecurity has possible DoS vulnerability in sanitiseArg action. (CVE-2025-48866) References:
- Mageia 9: MGASA-2025-0191 critical: tomcat DoS and resource bypass on June 25, 2025 at 5:32 am
FileUpload large number of parts with headers DoS. (CVE-2025-48988) Security constraint bypass for pre/post-resources. (CVE-2025-49125) References: – https://bugs.mageia.org/show_bug.cgi?id=34376
- Mageia 9: MGASA-2025-0190 important: clamav buffer overflow on June 25, 2025 at 5:32 am
Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. (CVE-2025-20260) References: