Advisories » MGASA-2026-0232

Updated nats-server packages fix security vulnerabilities

Publication date: 25 Jun 2026
Modification date: 24 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30215

Description

nats-server and its dependencies are updated to fix CVE-2025-30215
Missing access controls for JS API in multi-tenancy
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34184
• https://www.openwall.com/lists/oss-security/2025/04/08/5
• https://www.cve.org/CVERecord?id=CVE-2025-30215

SRPMS

9/core

• nats-server-2.10.27-1.1.mga9
• golang-uber-automaxprocs-1.6.0-1.mga9
• golang-github-nats-io-1.41.1-1.mga9
• golang-github-nats-io-jwt-2.5.2-1.mga9
• golang-github-nats-io-nkeys-0.4.10-1.mga9
• golang-github-prashantv-gostub-1.1.0-1.mga9