Path traversal leading to arbitrary .ttf file write. (CVE-2024-12425) URL fetching can be used to exfiltrate arbitrary INI file values and environment variables. (CVE-2024-12426) References:
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043) References: - https://bugs.mageia.org/show_bug.cgi?id=33975
Redis' Lua library commands may lead to remote code execution. (CVE-2024-46981) Redis allows denial-of-service due to malformed ACL selectors. (CVE-2024-51741)
Vanilla upstream kernel version 6.6.74 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33968
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability. (CVE-2025-20128) References: - https://bugs.mageia.org/show_bug.cgi?id=33969
Upstream kernel version 6.6.74 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links.
Object corruption in V8. (CVE-2025-0611) Out of bounds memory access in V8. (CVE-2025-0612) References: - https://bugs.mageia.org/show_bug.cgi?id=33962
Git LFS permits exfiltration of credentials via crafted HTTP URLs. (CVE-2024-53263) References: - https://bugs.mageia.org/show_bug.cgi?id=33931
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. (CVE-2025-0395)
Timing side-channel in ECDSA signature computation. (CVE-2024-13176) References: - https://bugs.mageia.org/show_bug.cgi?id=33942 - https://openssl-library.org/news/secadv/20250120.txt
It was discovered that iperf 3.17.1 contains a segmentation violation via the iperf_exchange_parameters() function. References: - https://bugs.mageia.org/show_bug.cgi?id=33914
fix possible security issue with library code slim/psr7 (CVE-2023-30536) fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3) fix an XSS vulnerability in the check tables feature (PMASA-2025-1) fix an XSS vulnerability in the Insert tab (PMASA-2025-2)
libpoppler.so has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. (CVE-2024-56378) References: - https://bugs.mageia.org/show_bug.cgi?id=33932
net/http: sensitive headers incorrectly sent after cross-domain redirect, (CVE-2024-45336). crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints, (CVE-2024-45341).
Lot of CVEs were fixed by upstream since our current version; please see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=33609
Heap buffer overflow in rsync due to improper checksum length handling. (CVE-2024-12084) Info leak via uninitialized stack contents. (CVE-2024-12085) Rsync server leaks arbitrary client files. (CVE-2024-12086) Path traversal vulnerability in rsync. (CVE-2024-12087)
In the Raptor RDF Syntax Library there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). References: - https://bugs.mageia.org/show_bug.cgi?id=33929
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability, CVE-2024-47796. An improper array index validation vulnerability exists in the
Git does not sanitize URLs when asking for credentials interactively. (CVE-2024-50349) Newline confusion in credential helpers can lead to credential exfiltration in git. (CVE-2024-52006)
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
