Advisories » MGASA-2025-0181

Updated cockpit packages fix security vulnerability & bug

Publication date: 09 Jun 2025
Modification date: 09 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6126

Description

Mageia's internal bug: In the current version you can't login in the web
interface with firefox or chromium-browser packaged by Mageia. This
update fixes the issue, but it is reported that could need to reboot and
clear cookies from your browser.
A flaw was found in the cockpit package. This flaw allows an
authenticated user to kill any process when enabling the pam_env's
user_readenv option, which leads to a denial of service (DoS) attack -
CVE-2024-6126.
Please note that you need to edit /etc/nsswitch.conf as recommended in
https://bugs.mageia.org/show_bug.cgi?id=33368#c18.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33368
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6126

SRPMS

9/core

• cockpit-338-1.6.mga9