Mageia Security

Mageia Advisories
Updated: 5 days 8 hours ago

MGASA-2026-0034 - Updated fontforge packages fix security vulnerabilities

9 February, 2026 - 20:56
Publication date: 09 Feb 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-15269, CVE-2025-15270, CVE-2025-15275, CVE-2025-15279
Description:
  • FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. (CVE-2025-15269)
  • FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. (CVE-2025-15270)
  • FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15275)
  • FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15279)
SRPMS 9/core:
  • fontforge-20220308-2.2.mga9

MGASA-2026-0033 - Updated nginx packages fix security vulnerability

9 February, 2026 - 20:56
Publication date: 09 Feb 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-1642
Description: MitM injection. (CVE-2026-1642)
SRPMS 9/core:
  • nginx-1.26.3-1.2.mga9

MGASA-2026-0032 - Updated python-django packages fix security vulnerabilities

6 February, 2026 - 06:11
Publication date: 06 Feb 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312
Description:
  • Username enumeration through timing difference in mod_wsgi authentication handler. (CVE-2025-13473)
  • Potential denial-of-service vulnerability via repeated headers when using ASGI. (CVE-2025-14550)
  • Potential SQL injection via raster lookups on PostGIS. (CVE-2026-1207)
  • Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods. (CVE-2026-1285)
  • Potential SQL injection in column aliases via control characters. (CVE-2026-1287)
  • Potential SQL injection via QuerySet.order_by and FilteredRelation. (CVE-2026-1312)
SRPMS 9/core:
  • python-django-4.1.13-1.10.mga9

MGAA-2026-0011 - Updated yt-dlp packages fix bugs

6 February, 2026 - 06:11
Publication date: 06 Feb 2026
Type: bugfix
Affected Mageia releases: 9
Description: This update restores broken features and provides fixes from upstream.
SRPMS 9/core:
  • yt-dlp-2026.02.04-1.mga9

MGAA-2026-0010 - Updated libformula & ant-contrib packages fix bug

5 February, 2026 - 07:05
Publication date: 05 Feb 2026
Type: bugfix
Affected Mageia releases: 9
Description: The reports on libreoffice base are not well formatted. This update fixes this long-standing bug.
SRPMS 9/core:
  • libformula-1.1.6-14.1.mga9
  • ant-contrib-1.0-0.39.b3.1.mga9

MGASA-2026-0031 - Updated expat packages fix security vulnerabilities

4 February, 2026 - 19:09
Publication date: 04 Feb 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-24515, CVE-2026-25210
Description:
  • In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. (CVE-2026-24515)
  • In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. (CVE-2026-25210)
SRPMS 9/core:
  • expat-2.7.4-1.mga9

MGAA-2026-0009 - Updated subversion packages fix bug

4 February, 2026 - 04:10
Publication date: 04 Feb 2026
Type: bugfix
Affected Mageia releases: 9
Description: The python3-svn package can't be used due to missing symbols. This update fixes the reported issue.
SRPMS 9/core:
  • subversion-1.14.3-1.1.mga9

MGASA-2026-0030 - Updated docker-containerd packages fix security vulnerabilities

2 February, 2026 - 20:16
Publication date: 02 Feb 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-25621, CVE-2025-64329
Description:
  • It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621)
  • It was discovered that containerd did not properly handle the execution of the goroutine of container attach. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-64329)
SRPMS 9/core:
  • docker-containerd-1.7.29-1.mga9

MGAA-2026-0008 - Updated remove-old-kernels packages fix bugs

31 January, 2026 - 01:06
Publication date: 31 Jan 2026
Type: bugfix
Affected Mageia releases: 9
Description: This updated version of remove-old-kernels correctly handles kernel removal in persistent LIVE systems and protects the originally installed kernel from being removed. There are other bug fixes and translation improvements since the last version.
SRPMS 9/core:
  • remove-old-kernels-1.0.5-1.mga9

MGASA-2026-0029 - Updated openssl packages fix security vulnerabilities

30 January, 2026 - 01:39
Publication date: 30 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
Description:
  • Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)
  • Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)
  • Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)
  • Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)
  • Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)
  • NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function. (CVE-2025-69421)
  • Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)
  • ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)
SRPMS 9/core:
  • openssl-3.0.19-1.mga9

MGASA-2026-0028 - Updated gpsd packages fix security vulnerabilities

30 January, 2026 - 01:39
Publication date: 30 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-67268, CVE-2025-67269
Description:
  • gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution. (CVE-2025-67268)
  • An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. (CVE-2025-67269)
SRPMS 9/core:
  • gpsd-3.25-1.1.mga9

MGASA-2026-0027 - Updated libxml2 packages fix security vulnerabilities

30 January, 2026 - 01:39
Publication date: 30 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8732, CVE-2026-0989, CVE-2026-0990, CVE-2026-0992
Description:
  • xmlcatalog xmlParseSGMLCatalog recursion. (CVE-2025-8732)
  • Unbounded relaxng include recursion leading to stack overflow. (CVE-2026-0989)
  • Denial of service via uncontrolled recursion in xml catalog processing. (CVE-2026-0990)
  • Denial of service via crafted xml catalogs. (CVE-2026-0992)
SRPMS 9/core:
  • libxml2-2.10.4-1.9.mga9

MGASA-2026-0026 - Updated xen packages fix security vulnerabilities

30 January, 2026 - 01:39
Publication date: 30 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-58150, CVE-2026-23553
Description:
  • x86: buffer overrun with shadow paging + tracing. (CVE-2025-58150)
  • x86: incomplete IBPB for vCPU isolation. (CVE-2026-23553)
SRPMS 9/core:
  • xen-4.17.5-1.git20251028.2.mga9

MGASA-2026-0025 - Updated ceph packages fix security vulnerability

29 January, 2026 - 20:22
Publication date: 29 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-31884
Description: Updated ceph packages fix a security issue allowing an attacker to make Ceph accept any certificate.
SRPMS 9/core:
  • ceph-18.2.7-2.2.mga9

MGASA-2026-0024 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities

29 January, 2026 - 20:22
Publication date: 29 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-64720, CVE-2025-65018, CVE-2026-21925, CVE-2026-21933, CVE-2026-21945
Description:
  • LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. (CVE-2025-64720)
  • LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. (CVE-2025-65018)
  • Improve JMX connections. (CVE-2026-21925)
  • Improve HttpServer Request handling. (CVE-2026-21933)
  • Enhance Certificate Checking. (CVE-2026-21945)
SRPMS 9/core:
  • java-11-openjdk-11.0.30.0.7-1.mga9
  • java-17-openjdk-17.0.18.0.8-1.mga9
  • java-1.8.0-openjdk-1.8.0.482.b08-1.mga9
  • java-latest-openjdk-25.0.2.0.10-1.rolling.1.mga9

MGASA-2026-0023 - Updated glib2.0 packages fix security vulnerabilities

28 January, 2026 - 23:42
Publication date: 28 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-3360, CVE-2025-7039, CVE-2025-13601, CVE-2025-14087, CVE-2025-14512, CVE-2026-0988
Description:
  • Glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601(). (CVE-2025-3360)
  • Buffer under-read on glib through glib/gfileutils.c via get_tmp_file(). (CVE-2025-7039)
  • Integer overflow in g_escape_uri_string(). (CVE-2025-13601)
  • Buffer underflow in gvariant parser leads to heap corruption. (CVE-2025-14087)
  • Integer overflow in glib gio attribute escaping causes heap buffer overflow. (CVE-2025-14512)
  • Denial of service via integer overflow in g_buffered_input_stream_peek(). (CVE-2026-0988)
SRPMS 9/core:
  • glib2.0-2.76.3-1.6.mga9

MGAA-2026-0007 - Updated flightgear,simgear & flightgear-data packages fix bug

28 January, 2026 - 23:42
Publication date: 28 Jan 2026
Type: bugfix
Affected Mageia releases: 9
Description: Updated simgear, flightgear and flightgear-data packages to new stable release version 2024.1.4.
SRPMS 9/core:
  • flightgear-2024.1.4-1.mga9
  • simgear-2024.1.4-1.mga9
  • flightgear-data-2024.1.4-1.mga9

MGASA-2026-0022 - Updated glibc packages fix security vulnerabilities

27 January, 2026 - 19:20
Publication date: 27 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-0861, CVE-2026-0915, CVE-2025-15281
Description:
  • Integer overflow in memalign leads to heap corruption. (CVE-2026-0861)
  • getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resolver. (CVE-2026-0915)
  • wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory. (CVE-2025-15281)
SRPMS 9/core:
  • glibc-2.36-59.mga9

MGASA-2026-0021 - Updated iperf packages fix security vulnerabilities

27 January, 2026 - 19:20
Publication date: 27 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-54349, CVE-2025-54350
Description:
  • In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. (CVE-2025-54349)
  • In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. (CVE-2025-54350)
SRPMS 9/core:
  • iperf-3.18-1.1.mga9

MGASA-2026-0020 - Updated python-pyasn1 packages fix security vulnerability

27 January, 2026 - 19:20
Publication date: 27 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-23490
Description: pyasn1 has a DoS vulnerability in decoder. (CVE-2026-23490)
SRPMS 9/core:
  • python-pyasn1-0.4.8-6.1.mga9