Updated deluge packages fix security vulnerabilities & bug
Publication date: 31 May 2025Modification date: 31 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46561 , CVE-2025-46562 , CVE-2025-46563 , CVE-2025-46564
Description
Limited unauthenticated file read in /flag. (CVE-2025-46561) New version check over unencrypted channel. (CVE-2025-46562) SSRF with information leak and limited unauthenticated file write. (CVE-2025-46563) Unauthenticated file read in /js may lead to RCE. (CVE-2025-46564) Mageia internal bug: deluge-daemon.service was not working; the update fixes this issue.
References
SRPMS
9/core
- deluge-2.2.0-1.5.mga9