Security Updates

MGASA-2026-0063 - Updated perl-XML-Parser packages fix security vulnerabilities

Mageia Security - 24 March, 2026 - 18:53
Publication date: 24 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2006-10002, CVE-2006-10003
Description: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size causing a heap corruption (double free or corruption) and crashes. (CVE-2006-10002) XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. (CVE-2006-10003)
References
SRPMS
9/core
  • perl-XML-Parser-2.460.0-6.1.mga9

MGASA-2026-0062 - Updated vim packages fix security vulnerabilities

Mageia Security - 24 March, 2026 - 18:53
Publication date: 24 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-33412
Description: Command injection via newline in glob() affects Vim < 9.2.0202. (CVE-2026-33412)
References
SRPMS
9/core
  • vim-9.2.209-1.mga9

MGAA-2026-0022 - Updated kwin packages fix bug

Mageia Security - 24 March, 2026 - 18:53
Publication date: 24 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: Add kwin-x11 subpackage to smooth upgrades to cauldron (and the future Mageia 10).
References
SRPMS
9/core
  • kwin-5.27.10-1.4.mga9

MGASA-2026-0061 - Updated expat packages fix security vulnerabilities

Mageia Security - 20 March, 2026 - 22:17
Publication date: 20 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-32776, CVE-2026-32777, CVE-2026-32778
Description: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. (CVE-2026-32778)
References
SRPMS
9/core
  • expat-2.7.5-1.mga9

MGASA-2026-0060 - Updated graphicsmagick & imagemagick packages fix security vulnerabilities

Mageia Security - 19 March, 2026 - 19:04
Publication date: 19 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-25799
Description: Division-by-Zero in YUV sampling factor validation leads to crash. (CVE-2026-25799)
References
SRPMS
9/core
  • graphicsmagick-1.3.40-1.3.mga9
  • imagemagick-7.1.1.29-1.2.mga9
9/tainted
  • graphicsmagick-1.3.40-1.3.mga9.tainted
  • imagemagick-7.1.1.29-1.2.mga9.tainted

MGASA-2026-0059 - Updated openssh packages fix security vulnerabilities

Mageia Security - 19 March, 2026 - 19:04
Publication date: 19 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-61984, CVE-2025-61985
Description: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (CVE-2025-61984) ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)
References
SRPMS
9/core
  • openssh-9.3p1-2.6.mga9

MGASA-2026-0058 - Updated perl-YAML-Syck packages fix security vulnerabilities

Mageia Security - 19 March, 2026 - 19:04
Publication date: 19 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-4177
Description: YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. (CVE-2026-4177)
References
SRPMS
9/core
  • perl-YAML-Syck-1.340.0-4.1.mga9

MGAA-2026-0021 - Updated postgresql15 packages fix bug

Mageia Security - 19 March, 2026 - 19:04
Publication date: 19 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: The updated packages fix some regressions that appeared in 18.2 and 15.16.
References
SRPMS
9/core
  • postgresql15-15.17-1.mga9

MGAA-2026-0020 - Updated opencpn packages fix bugs

Mageia Security - 17 March, 2026 - 18:48
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: OpenCPN has seen lots of improvement since version 5.10.2. This update is necessary for the safety of sailors.
References
SRPMS
9/core
  • opencpn-5.12.4-3.mga9

MGAA-2026-0019 - Updated opencpn plugins packages fix bugs

Mageia Security - 17 March, 2026 - 18:48
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: OpenCPN plugins have seen lots of improvement since the versions already present in Mageia 9. They have been updated for Cauldron, but sailors can't wait for Mageia 10 to be published, since these updates are necessary for their safety as early as this spring.
References
SRPMS
9/core
  • opencpn-ais-radar-plugin-1.4.20.0-1.mga9
  • opencpn-celestial-navigation-plugin-2.4.66.0-1.mga9
  • opencpn-climatology-plugin-1.6.35.0-1.mga9
  • opencpn-dashboardsk-plugin-0.3.4-1.mga9
  • opencpn-iacfleet-plugin-0.33.0-1.mga9
  • opencpn-logbookkonni-plugin-1.5.00.0-2.mga9
  • opencpn-nsk-plugin-0.2.4.1-1.mga9
  • opencpn-objsearch-plugin-0.28.0-1.mga9
  • opencpn-polar-plugin-1.2.37.0-1.mga9
  • opencpn-radar-plugin-5.6.0~beta-1.mga9
  • opencpn-sar-plugin-4.2.2-1.mga9
  • opencpn-squiddio-plugin-1.3.99.0-1.mga9
  • opencpn-watchdog-plugin-2.5.2.0-1.mga9
  • opencpn-weather-routing-plugin-1.15.45.7-1.mga9

MGAA-2026-0018 - Updated opencpn-s63-plugin & opencpn-o-charts-plugin packages fix bugs

Mageia Security - 17 March, 2026 - 18:48
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: OpenCPN plugins have seen lots of improvement since the versions already present in Mageia 9. They have been updated for Cauldron, but sailors can't wait for Mageia 10 to be published, since these updates are necessary for their safety as early as this spring. These two updates concern plugins containing non-free binaries necessary to use encrypted paid nautical charts from countries which don't provide them freely.
References
SRPMS
9/nonfree
  • opencpn-s63-plugin-1.30.9.1-1.mga9.nonfree
  • opencpn-o-charts-plugin-2.1.9-1.mga9.nonfree

MGAA-2026-0017 - Updated marnav packages fix bug

Mageia Security - 17 March, 2026 - 18:48
Publication date: 17 Mar 2026
Type: bugfix
Affected Mageia releases: 9
Description: This update brings the last commits of this C++ library for MARitime NAVigation purposes. It may be needed to build or use programs for maritime navigation.
References
SRPMS
9/core
  • marnav-0.14.0-8.git20230504.mga9

MGASA-2026-0056 - Updated tomcat packages fix security vulnerabilities

Mageia Security - 14 March, 2026 - 01:33
Publication date: 14 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-66614, CVE-2026-24733, CVE-2026-24734
Description: Client certificate verification bypass due to virtual host mapping. (CVE-2025-66614) Security constraint bypass with HTTP/0.9. (CVE-2026-24733) OCSP revocation bypass. (CVE-2026-24734)
References
SRPMS
9/core
  • tomcat-9.0.115-1.mga9

MGASA-2026-0055 - Updated vim packages fix security vulnerability

Mageia Security - 14 March, 2026 - 01:33
Publication date: 14 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-32249
Description: NFA regex engine NULL pointer dereference affects Vim < 9.2.0137. (CVE-2026-32249)
References
SRPMS
9/core
  • vim-9.2.140-1.mga9

MGASA-2026-0054 - Updated yt-dlp packages fix security vulnerability

Mageia Security - 10 March, 2026 - 17:47
Publication date: 10 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-26331
Description: When yt-dlp's --netrc-cmd command-line option (or netrc_cmd Python API parameter) is used, an attacker could achieve arbitrary command injection on the user's system with a maliciously crafted URL.
References
SRPMS
9/core
  • yt-dlp-2026.03.03-1.1.mga9

MGASA-2026-0053 - Updated thunderbird packages fix security vulnerabilities

Mageia Security - 9 March, 2026 - 20:19
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-2757, CVE-2026-2758, CVE-2026-2759, CVE-2026-2760, CVE-2026-2761, CVE-2026-2762, CVE-2026-2763, CVE-2026-2764, CVE-2026-2765, CVE-2026-2766, CVE-2026-2767, CVE-2026-2768, CVE-2026-2769, CVE-2026-2770, CVE-2026-2771, CVE-2026-2772, CVE-2026-2773, CVE-2026-2774, CVE-2026-2775, CVE-2026-2776, CVE-2026-2777, CVE-2026-2778, CVE-2026-2779, CVE-2026-2780, CVE-2026-2782, CVE-2026-2783, CVE-2026-2784, CVE-2026-2785, CVE-2026-2786, CVE-2026-2787, CVE-2026-2788, CVE-2026-2789, CVE-2026-2790, CVE-2026-2791, CVE-2026-2792, CVE-2026-2793
Description:
  • Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757)
  • Use-after-free in the JavaScript: GC component. (CVE-2026-2758)
  • Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759)
  • Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760)
  • Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761)
  • Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2763)
  • JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2765)
  • Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766)
  • Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767)
  • Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768)
  • Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769)
  • Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770)
  • Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771)
  • Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772)
  • Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773)
  • Integer overflow in the Audio/Video component. (CVE-2026-2774)
  • Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775)
  • Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776)
  • Privilege escalation in the Messaging System component. (CVE-2026-2777)
  • Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778)
  • Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779)
  • Privilege escalation in the Netmonitor component. (CVE-2026-2780)
  • Privilege escalation in the Netmonitor component. (CVE-2026-2782)
  • Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783)
  • Mitigation bypass in the DOM: Security component. (CVE-2026-2784)
  • Invalid pointer in the JavaScript Engine component. (CVE-2026-2785)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2786)
  • Use-after-free in the DOM: Window and Location component. (CVE-2026-2787)
  • Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788)
  • Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789)
  • Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790)
  • Mitigation bypass in the Networking: Cache component. (CVE-2026-2791)
  • Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792)
  • Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793)
References
SRPMS
9/core
  • thunderbird-140.8.0-1.mga9
  • thunderbird-l10n-140.8.0-1.mga9

MGASA-2026-0052 - Updated rootcerts, nss & firefox packages fix security vulnerabilities

Mageia Security - 9 March, 2026 - 18:48
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-2757, CVE-2026-2758, CVE-2026-2759, CVE-2026-2760, CVE-2026-2761, CVE-2026-2762, CVE-2026-2763, CVE-2026-2764, CVE-2026-2765, CVE-2026-2766, CVE-2026-2767, CVE-2026-2768, CVE-2026-2769, CVE-2026-2770, CVE-2026-2771, CVE-2026-2772, CVE-2026-2773, CVE-2026-2774, CVE-2026-2775, CVE-2026-2776, CVE-2026-2777, CVE-2026-2778, CVE-2026-2779, CVE-2026-2780, CVE-2026-2781, CVE-2026-2782, CVE-2026-2783, CVE-2026-2784, CVE-2026-2785, CVE-2026-2786, CVE-2026-2787, CVE-2026-2788, CVE-2026-2789, CVE-2026-2790, CVE-2026-2791, CVE-2026-2792, CVE-2026-2793
Description:
  • Incorrect boundary conditions in the WebRTC: Audio/Video component. (CVE-2026-2757)
  • Use-after-free in the JavaScript: GC component. (CVE-2026-2758)
  • Incorrect boundary conditions in the Graphics: ImageLib component. (CVE-2026-2759)
  • Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. (CVE-2026-2760)
  • Sandbox escape in the Graphics: WebRender component. (CVE-2026-2761)
  • Integer overflow in the JavaScript: Standard Library component. (CVE-2026-2762)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2763)
  • JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2764)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2765)
  • Use-after-free in the JavaScript Engine: JIT component. (CVE-2026-2766)
  • Use-after-free in the JavaScript: WebAssembly component. (CVE-2026-2767)
  • Sandbox escape in the Storage: IndexedDB component. (CVE-2026-2768)
  • Use-after-free in the Storage: IndexedDB component. (CVE-2026-2769)
  • Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-2770)
  • Undefined behavior in the DOM: Core & HTML component. (CVE-2026-2771)
  • Use-after-free in the Audio/Video: Playback component. (CVE-2026-2772)
  • Incorrect boundary conditions in the Web Audio component. (CVE-2026-2773)
  • Integer overflow in the Audio/Video component. (CVE-2026-2774)
  • Mitigation bypass in the DOM: HTML Parser component. (CVE-2026-2775)
  • Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. (CVE-2026-2776)
  • Privilege escalation in the Messaging System component. (CVE-2026-2777)
  • Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. (CVE-2026-2778)
  • Incorrect boundary conditions in the Networking: JAR component. (CVE-2026-2779)
  • Privilege escalation in the Netmonitor component. (CVE-2026-2780)
  • Integer overflow in the Libraries component in NSS. (CVE-2026-2781)
  • Privilege escalation in the Netmonitor component. (CVE-2026-2782)
  • Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. (CVE-2026-2783)
  • Mitigation bypass in the DOM: Security component. (CVE-2026-2784)
  • Invalid pointer in the JavaScript Engine component. (CVE-2026-2785)
  • Use-after-free in the JavaScript Engine component. (CVE-2026-2786)
  • Use-after-free in the DOM: Window and Location component. (CVE-2026-2787)
  • Incorrect boundary conditions in the Audio/Video: GMP component. (CVE-2026-2788)
  • Use-after-free in the Graphics: ImageLib component. (CVE-2026-2789)
  • Same-origin policy bypass in the Networking: JAR component. (CVE-2026-2790)
  • Mitigation bypass in the Networking: Cache component. (CVE-2026-2791)
  • Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2792)
  • Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. (CVE-2026-2793)
References
SRPMS
9/core
  • rootcerts-20260206.00-1.mga9
  • nss-3.121.0-1.mga9
  • firefox-140.8.0-1.mga9
  • firefox-l10n-140.8.0-1.mga9

MGASA-2026-0051 - Updated coturn packages fix security vulnerability

Mageia Security - 9 March, 2026 - 18:48
Publication date: 09 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-27624
Description: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL. (CVE-2026-27624)
References
SRPMS
9/core
  • coturn-4.6.2-1.1.mga9

MGASA-2026-0050 - Updated python-django packages fix security vulnerability

Mageia Security - 6 March, 2026 - 04:01
Publication date: 06 Mar 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-25674
Description: Potential incorrect permissions on newly created file system objects. (CVE-2026-25674)
References
SRPMS
9/core
  • python-django-4.1.13-1.11.mga9