Advisories » MGASA-2026-0001

Updated cups packages fix bug & security vulnerabilities

Publication date: 02 Jan 2026
Modification date: 02 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-58364 , CVE-2025-58060

Description

cups has Authentication bypass with AuthType Negotiate. (CVE-2025-58060)
cups: Remote DoS via null dereference. (CVE-2025-58364)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34900
• https://bugs.mageia.org/show_bug.cgi?id=34800
• https://lists.debian.org/debian-security-announce/2025/msg00162.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58364
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58060

SRPMS

9/core

• cups-2.4.6-1.6.mga9