FERRAMENTAS LINUX: Mageia 9 Security Alert: Critical Vulnerabilities in Transfig (CVE-2025-31162 to CVE-2025-31164)

Sunday, May 11, 2025


Critical security flaws (CVE-2025-31162 to CVE-2025-31164) found in Mageia 9's Transfig package. Learn how to patch fig2dev vulnerabilities, prevent local exploits, and secure Linux systems. Updated fixes available now.


High-Severity Security Flaws Discovered in fig2dev 3.2.9a

A series of critical vulnerabilities has been identified in fig2dev (v3.2.9a), a key component of the Transfig package in Mageia Linux 9. These flaws could allow local attackers to cause a denial of service (DoS) or potentially escalate privileges via carefully crafted input files.

Detailed Vulnerability Breakdown

The following high-risk security issues have been confirmed:

  1. CVE-2025-31162 – Floating Point Exception in the get_slope function, leading to application crashes.

  2. CVE-2025-31163 – Segmentation Fault in put_patternarc, causing crashes and system instability.

  3. CVE-2025-31164 – Heap-Buffer Overflow in create_line_with_spline, posing a potential arbitrary code execution risk.

These vulnerabilities primarily affect local users but could be exploited in multi-user environments or shared hosting setups.

Immediate Resolution: Updated Transfig Packages

Mageia has released MGASA-2025-0152, a security update patching all three flaws. Users are strongly advised to apply the patch immediately.

Affected Package:

  • transfig-3.2.9a-1.mga9 (Updated version available in Mageia 9 Core Repository)

Why This Matters for Linux Administrators & Enterprises

  • Security Compliance: Unpatched systems may violate enterprise security policies.

  • System Stability: Exploits can lead to service disruptions in development environments.

  • Reputation Risk: Vulnerable servers could be flagged in automated security scans.

How to Protect Your System

  1. Update Immediately: Run sudo urpmi --auto-update transfig

  2. Monitor Logs: Check for unusual local user activity.

  3. Apply Defense-in-Depth: Use SELinux/AppArmor to restrict fig2dev execution.
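As an added check that is not part of the advisory or of Mageia's own tooling, the POSIX shell script below reads the installed transfig version-release from the rpm database and reports whether it is at least the release this post names (assumed here to be 3.2.9a-1.mga9, the package quoted above). It goes beyond the page by implementing rpm's own segment ordering instead of relying on sort -V, which misorders Mageia's "1.1.mga9"-style update releases.

```shell
# Added example, not from the advisory: is the installed Mageia 9 transfig at least
# the release the advisory names? Versions are compared with rpmvercmp's segment
# rules (epoch and tilde/caret ignored); "sort -V" misorders "1.1.mga9" releases.
FIXED_VERREL="3.2.9a-1.mga9"   # assumed to be the fixed version-release from MGASA-2025-0152
# Split a version or release into its digit and letter segments, space separated.
segments() {
  set -- $(printf '%s' "$1" | sed -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
    -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' | tr -cs 'A-Za-z0-9' ' ')
  printf '%s' "$*"
}
# Compare two segment lists; prints -1, 0 or 1. Numeric segments compare as integers,
# alphabetic ones as strings, numeric beats alphabetic, leftover segments win.
segcmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%% *}; [ "$x" = "$a" ] && a= || a=${a#* }
    y=${b%% *}; [ "$y" = "$b" ] && b= || b=${b#* }
    [ -z "$x" ] && { echo -1; return; }
    [ -z "$y" ] && { echo 1; return; }
    case "$x" in *[!0-9]*) xa=1;; *) xa=0;; esac
    case "$y" in *[!0-9]*) ya=1;; *) ya=0;; esac
    if [ "$xa" -ne "$ya" ]; then [ "$xa" -eq 1 ] && echo -1 || echo 1; return; fi
    if [ "$xa" -eq 0 ]; then
      [ "$x" -eq "$y" ] && continue
      [ "$x" -lt "$y" ] && echo -1 || echo 1; return
    fi
    [ "$x" = "$y" ] && continue
    [ "$(printf '%s\n%s\n' "$x" "$y" | LC_ALL=C sort | head -n1)" = "$x" ] && echo -1 || echo 1
    return
  done
  echo 0
}
# Compare "VERSION-RELEASE" strings the rpm way: version first, then release.
rpm_verrel_cmp() {
  r=$(segcmp "$(segments "${1%-*}")" "$(segments "${2%-*}")")
  [ "$r" != 0 ] && { echo "$r"; return; }
  segcmp "$(segments "${1##*-}")" "$(segments "${2##*-}")"
}
# Classify an installed VERSION-RELEASE; an empty string means not installed.
transfig_status() {
  [ -z "$1" ] && { echo missing; return; }
  [ "$(rpm_verrel_cmp "$1" "$FIXED_VERREL")" -ge 0 ] && echo patched || echo vulnerable
}
# Query the rpm database; prints nothing when transfig is not installed.
installed_transfig() {
  rpm -q transfig >/dev/null 2>&1 && rpm -q --qf '%{VERSION}-%{RELEASE}\n' transfig || true
}
echo "transfig: $(transfig_status "$(installed_transfig)")"
```

A "vulnerable" result means the installed package predates the advisory's release and the urpmi update in step 1 still needs to run.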

Final Recommendations

For sysadmins managing Mageia servers, this update should be treated as urgent. Delaying patches increases exposure to local privilege escalation and service downtime.
