MGASA-2025-0174

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0174.html

Import Source

https://advisories.mageia.org/MGASA-2025-0174.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2025-0174

Related

CVE-2025-46561
CVE-2025-46562
CVE-2025-46563
CVE-2025-46564

Published

2025-05-31T16:20:42Z

Modified

2025-05-31T15:47:09Z

Summary

Updated deluge packages fix security vulnerabilities & bug

Details

Limited unauthenticated file read in /flag. (CVE-2025-46561) New version check over unencrypted channel. (CVE-2025-46562) SSRF with information leak and limited unauthenticated file write. (CVE-2025-46563) Unauthenticated file read in /js may lead to RCE. (CVE-2025-46564) Mageia internal bug: deluge-daemon.service was not working; the update fixes this issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / deluge

Package

Name: deluge
Purl: pkg:rpm/mageia/deluge?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.0-1.5.mga9

Ecosystem specific

{
    "section": "core"
}