CVE-2025-48976 was announced here: https://www.openwall.com/lists/oss-security/2025/06/16/4
CVE: (none) => CVE-2025-48976Whiteboard: (none) => MGA9TOOStatus comment: (none) => Fixed upstream in 1.6Source RPM: (none) => apache-commons-fileupload-1.4-5.mga9.src.rpm
Assigning to the registered maintainer, CC'ing daviddavid
CC: (none) => geiger.david68210, marja11Assignee: bugsquad => mageia
openSUSE has issued an advisory on June 27: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O4NTTRMGJEETFRWJKHNAERLI3E52LN2W/
Suggested advisory: ======================== The updated packages fix a security vulnerability: Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers. (CVE-2025-48976) References: https://www.openwall.com/lists/oss-security/2025/06/16/4 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O4NTTRMGJEETFRWJKHNAERLI3E52LN2W/ ======================== Updated packages in core/updates_testing: ======================== apache-commons-fileupload-1.4-5.1.mga9 apache-commons-fileupload-javadoc-1.4-5.1.mga9 from SRPM: apache-commons-fileupload-1.4-5.1.mga9.src.rpm
Assignee: mageia => qa-bugsWhiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDVersion: Cauldron => 9Status comment: Fixed upstream in 1.6 => (none)
installing apache-commons-fileupload-1.4-5.1.mga9.noarch.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################### 1/1: apache-commons-fileupload ################################################################################################### 1/1: removing apache-commons-fileupload-1.4-5.mga9.noarch ################################################################################################### Clean update systemctl restart httpd.service systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled) Active: active (running) since Fri 2025-11-14 18:23:52 CST; 2s ago Main PID: 4753 (httpd) Status: "Processing requests..." Tasks: 6 (limit: 6823) Memory: 6.1M CPU: 62ms CGroup: /system.slice/httpd.service ├─4753 /usr/sbin/httpd -DFOREGROUND ├─4756 /usr/sbin/httpd -DFOREGROUND ├─4758 /usr/sbin/httpd -DFOREGROUND ├─4759 /usr/sbin/httpd -DFOREGROUND ├─4760 /usr/sbin/httpd -DFOREGROUND └─4761 /usr/sbin/httpd -DFOREGROUND nov 14 18:23:52 jgrey.phoenix systemd[1]: Starting httpd.service... nov 14 18:23:52 jgrey.phoenix systemd[1]: Started httpd.service.
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => advisory
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0296.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED