Security issues

Mageia Cauldron

| Bug number | Summary | Assignee | Versions affected | Status comment | Date created | Last action (days) |
|---|---|---|---|---|---|---|
| 19800 | dracut new security issue CVE-2016-4484 | Mageia tools maintainers | Cauldron, 8 | Should be mitigated by the installer | 2016-11-16 | 1027 |
| 26629 | python-beaker new security issue due to deserialization of untrusted data CVE-2013-7489 | Philippe Makowski | Cauldron, 8 | No fix available as of end of 2020 | 2020-05-15 | 371 |
| 27131 | Possible missing security fixes in several libraries used by PHP modules | All Packagers | Cauldron | | 2020-08-18 | 41 |
| 27750 | resteasy new security issue CVE-2020-25633 | Java Stack Maintainers | Cauldron, 8 | No fix available as of end of 2020 | 2020-12-05 | 1027 |
| 27771 | hdf5 new security issue CVE-2020-10812 | Chris Denice | Cauldron, 8 | Possibly fixed in 1.10.8 | 2020-12-07 | 407 |
| 28478 | containernetworking-plugins new security issues CVE-2021-20206 and CVE-2021-34558 | Joseph Wang | Cauldron, 8 | | 2021-02-27 | 406 |
| 30309 | tpm2-abrmd dbus service allows regular users to clear TPM | Thierry Vignaud | Cauldron, 8 | | 2022-04-20 | 182 |
| 30467 | libpng12 possible new security issues CVE-2017-12652, CVE-2018-14048 | Rémi Verschelde | Cauldron | | 2022-05-23 | 701 |
| 31016 | python-imageio downloads vulnerable freeimage library | Python Stack Maintainers | Cauldron, 8 | | 2022-10-24 | 545 |
| 31123 | xmlrpc-c new security issues CVE-2022-25236 CVE-2022-2531[345] CVE-2022-40674 CVE-2022-43680 | All Packagers | Cauldron, 8 | | 2022-11-14 | 526 |
| 31458 | python-py new security issue CVE-2022-42969 | Python Stack Maintainers | Cauldron, 8 | | 2023-01-27 | 452 |
| 31677 | ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], C[...] | Stig-Ørjan Smelror | Cauldron, 9 | Fixed upstream in 6.0 | 2023-03-15 | 41 |
| 31791 | pcre unfixed security issue CVE-2017-11164 | All Packagers | Cauldron | | 2023-04-13 | 307 |
| 31804 | golang-github-prometheus, golang-github-prometheus-exporter-toolkit new security issue CVE-2022-4614[...] | Guillaume Rousse | Cauldron | Fixed upstream in golang-github-prometheus-exporter-toolkit 0.7.2 | 2023-04-17 | 344 |
| 31852 | perl, perl-CPAN, perl-HTTP-Tiny new security issues CVE-2023-31484 and CVE-2023-31486 | Perl Stack Maintainers | Cauldron, 8 | | 2023-05-01 | 308 |
| 32113 | kanboard new security issue CVE-2023-36813 | All Packagers | Cauldron, 8 | Fixed upstream in 1.2.31 | 2023-07-17 | 279 |
| 32272 | erofs-utils new security issues CVE-2023-3355[12] | Thierry Vignaud | Cauldron, 8, 9 | Fixed in v1.6.3 | 2023-09-11 | 224 |
| 32584 | python-cryptography new security issues CVE-2023-49083, CVE-2023-50782 and CVE-2024-26130 | Python Stack Maintainers | Cauldron, 9 | Patches available from Ubuntu and upstream | 2023-11-30 | 14 |
| 32641 | [TRACKER] CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) | All Packagers | Cauldron, 9 | | 2023-12-20 | 95 |
| 32674 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - golang-x-crypto | All Packagers | Cauldron, 9 | | 2023-12-31 | 95 |
| 32675 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) -apache-sshd | Nicolas Lécureuil | Cauldron, 9 | | 2023-12-31 | 66 |
| 32676 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - trilead-ssh2 | All Packagers | Cauldron, 9 | | 2023-12-31 | 32 |
| 32682 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - ruby-net-ssh | All Packagers | Cauldron, 9 | | 2024-01-02 | 95 |
| 33036 | buildah and podman new security issue CVE-2024-1753 | Joseph Wang | Cauldron, 9 | Fixed upstream in buildah 1.35.1 and podman 4.9.4 | 2024-03-29 | 23 |
| 33071 | guava new security issues CVE-2020-8908 and CVE-2023-2976 | All Packagers | Cauldron, 9 | Fixed upstream in 32.0.1 | 2024-04-09 | 14 |
| 33073 | krb5 new security issues CVE-2024-26458 and CVE-2024-26461 | All Packagers | Cauldron, 9 | Patches available from SUSE | 2024-04-09 | 14 |
| 33074 | qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[[...] | Giuseppe Ghibò | Cauldron, 9 | Patches available from openSUSE | 2024-04-09 | 0 |
| 33081 | freeimage new security issues CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Over[...] | All Packagers | Cauldron, 9 | | 2024-04-10 | 13 |
| 33086 | edk2 new security issues CVE-2023-45229 and CVE-2023-4523[0-7] | Thierry Vignaud | Cauldron, 9 | Patches available from Debian, CVE-2023-4523[67] unfixed | 2024-04-10 | 13 |
| 33117 | java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and java-latest-openjdk new se[...] | Java Stack Maintainers | Cauldron, 9 | | 2024-04-22 | 1 |
| 33119 | flatpak new security issue CVE-2024-32462 | David GEIGER | Cauldron, 9 | Fixed upstream in 1.15.8 and 1.14.6 | 2024-04-22 | 1 |
| 33123 | Thunderbird 115.10.1 | Nicolas Salguero | Cauldron, 9 | | 2024-04-22 | 1 |
| 33132 | python-idna new security issue CVE-2024-3651 | Mageia Bug Squad | Cauldron, 9 | Fixed upstream in 3.7 | 2024-04-23 | 0 |
| 33134 | jasper new security issue CVE-2024-31744 | Mageia Bug Squad | Cauldron, 9 | Fixed upstream in 4.2.3 and patch available from upstream | 2024-04-23 | 0 |

Number: 34

Mageia 8

| Bug number | Summary | Assignee | Versions affected | Status comment | Date created | Last action (days) |
|---|---|---|---|---|---|---|
| 19800 | dracut new security issue CVE-2016-4484 | Mageia tools maintainers | Cauldron, 8 | Should be mitigated by the installer | 2016-11-16 | 1027 |
| 26629 | python-beaker new security issue due to deserialization of untrusted data CVE-2013-7489 | Philippe Makowski | Cauldron, 8 | No fix available as of end of 2020 | 2020-05-15 | 371 |
| 27750 | resteasy new security issue CVE-2020-25633 | Java Stack Maintainers | Cauldron, 8 | No fix available as of end of 2020 | 2020-12-05 | 1027 |
| 27771 | hdf5 new security issue CVE-2020-10812 | Chris Denice | Cauldron, 8 | Possibly fixed in 1.10.8 | 2020-12-07 | 407 |
| 28478 | containernetworking-plugins new security issues CVE-2021-20206 and CVE-2021-34558 | Joseph Wang | Cauldron, 8 | | 2021-02-27 | 406 |
| 30309 | tpm2-abrmd dbus service allows regular users to clear TPM | Thierry Vignaud | Cauldron, 8 | | 2022-04-20 | 182 |
| 31016 | python-imageio downloads vulnerable freeimage library | Python Stack Maintainers | Cauldron, 8 | | 2022-10-24 | 545 |
| 31123 | xmlrpc-c new security issues CVE-2022-25236 CVE-2022-2531[345] CVE-2022-40674 CVE-2022-43680 | All Packagers | Cauldron, 8 | | 2022-11-14 | 526 |
| 31458 | python-py new security issue CVE-2022-42969 | Python Stack Maintainers | Cauldron, 8 | | 2023-01-27 | 452 |
| 31852 | perl, perl-CPAN, perl-HTTP-Tiny new security issues CVE-2023-31484 and CVE-2023-31486 | Perl Stack Maintainers | Cauldron, 8 | | 2023-05-01 | 308 |
| 32113 | kanboard new security issue CVE-2023-36813 | All Packagers | Cauldron, 8 | Fixed upstream in 1.2.31 | 2023-07-17 | 279 |
| 32272 | erofs-utils new security issues CVE-2023-3355[12] | Thierry Vignaud | Cauldron, 8, 9 | Fixed in v1.6.3 | 2023-09-11 | 224 |

Number: 12

Mageia 9

| Bug number | Summary | Assignee | Versions affected | Status comment | Date created | Last action (days) |
|---|---|---|---|---|---|---|
| 31677 | ffmpeg new security issues CVE-2023-092[7-9], CVE-2023-093[0-3], CVE-2023-0941, CVE-2023-121[3-9], C[...] | Stig-Ørjan Smelror | Cauldron, 9 | Fixed upstream in 6.0 | 2023-03-15 | 41 |
| 31881 | cloud-init new security issue CVE-2023-1786 | All Packagers | 9 | Fixed upstream in 23.1.2 | 2023-05-06 | 40 |
| 32202 | webkit2 security issues fixed upstream (WSA-2023-000[6-9], WSA-2023-001[012]), WSA-2024-000[12] | All Packagers | 9 | | 2023-08-29 | 3 |
| 32272 | erofs-utils new security issues CVE-2023-3355[12] | Thierry Vignaud | Cauldron, 8, 9 | Fixed in v1.6.3 | 2023-09-11 | 224 |
| 32584 | python-cryptography new security issues CVE-2023-49083, CVE-2023-50782 and CVE-2024-26130 | Python Stack Maintainers | Cauldron, 9 | Patches available from Ubuntu and upstream | 2023-11-30 | 14 |
| 32641 | [TRACKER] CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) | All Packagers | Cauldron, 9 | | 2023-12-20 | 95 |
| 32674 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - golang-x-crypto | All Packagers | Cauldron, 9 | | 2023-12-31 | 95 |
| 32675 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) -apache-sshd | Nicolas Lécureuil | Cauldron, 9 | | 2023-12-31 | 66 |
| 32676 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - trilead-ssh2 | All Packagers | Cauldron, 9 | | 2023-12-31 | 32 |
| 32682 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - ruby-net-ssh | All Packagers | Cauldron, 9 | | 2024-01-02 | 95 |
| 32700 | sendmail new security issue CVE-2023-51765 | Christiaan Welvaart | 9 | Fixed in Version 8.18.0.2 | 2024-01-08 | 25 |
| 33036 | buildah and podman new security issue CVE-2024-1753 | Joseph Wang | Cauldron, 9 | Fixed upstream in buildah 1.35.1 and podman 4.9.4 | 2024-03-29 | 23 |
| 33070 | ncurses new security issue CVE-2023-45918 | Jani Välimaa | 9 | Patches available from SUSE and fixed upstream in 6.4-20230615 | 2024-04-09 | 12 |
| 33071 | guava new security issues CVE-2020-8908 and CVE-2023-2976 | All Packagers | Cauldron, 9 | Fixed upstream in 32.0.1 | 2024-04-09 | 14 |
| 33073 | krb5 new security issues CVE-2024-26458 and CVE-2024-26461 | All Packagers | Cauldron, 9 | Patches available from SUSE | 2024-04-09 | 14 |
| 33074 | qemu new security issues CVE-2023-1544, CVE-2023-6683, CVE-2023-6693, CVE-2024-24474, CVE-2024-2632[[...] | Giuseppe Ghibò | Cauldron, 9 | Patches available from openSUSE | 2024-04-09 | 0 |
| 33081 | freeimage new security issues CWE-121 (Stack-based Buffer Overflow), CWE-122 (Heap-based Buffer Over[...] | All Packagers | Cauldron, 9 | | 2024-04-10 | 13 |
| 33086 | edk2 new security issues CVE-2023-45229 and CVE-2023-4523[0-7] | Thierry Vignaud | Cauldron, 9 | Patches available from Debian, CVE-2023-4523[67] unfixed | 2024-04-10 | 13 |
| 33117 | java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-21-openjdk and java-latest-openjdk new se[...] | Java Stack Maintainers | Cauldron, 9 | | 2024-04-22 | 1 |
| 33119 | flatpak new security issue CVE-2024-32462 | David GEIGER | Cauldron, 9 | Fixed upstream in 1.15.8 and 1.14.6 | 2024-04-22 | 1 |
| 33123 | Thunderbird 115.10.1 | Nicolas Salguero | Cauldron, 9 | | 2024-04-22 | 1 |
| 33132 | python-idna new security issue CVE-2024-3651 | Mageia Bug Squad | Cauldron, 9 | Fixed upstream in 3.7 | 2024-04-23 | 0 |
| 33133 | cjson new security issues CVE-2023-5047[12] | Mageia Bug Squad | 9 | Fixed upstream in 1.7.17 and patch available from upstream | 2024-04-23 | 0 |
| 33134 | jasper new security issue CVE-2024-31744 | Mageia Bug Squad | Cauldron, 9 | Fixed upstream in 4.2.3 and patch available from upstream | 2024-04-23 | 0 |
| 33137 | Updated chromium 124.0.6367.60 packages fix vulnerabilities | christian barranco | 9 | | 2024-04-23 | 0 |

Number: 25