Reference: https://lists.debian.org/debian-security-announce/2025/msg00162.html When I looked for a fix for bug 34800, I found I missed those two CVEs.
CVE: (none) => CVE-2025-58364, CVE-2025-58060Source RPM: (none) => cups-2.4.6-1.5.mga9Depends on: (none) => 34800Status comment: (none) => Patches available from Debian and Ubuntu
Assigning to our registered cups maintainer.
CC: (none) => friAssignee: bugsquad => thierry.vignaud
Suggested advisory: ======================== The updated packages fix a regression and security vulnerabilities: cups has Authentication bypass with AuthType Negotiate. (CVE-2025-58060) cups: Remote DoS via null dereference. (CVE-2025-58364) References: https://lists.debian.org/debian-security-announce/2025/msg00162.html https://bugs.mageia.org/show_bug.cgi?id=34800 ======================== Updated packages in core/updates_testing: ======================== cups-2.4.6-1.6.mga9 cups-common-2.4.6-1.6.mga9 cups-filesystem-2.4.6-1.6.mga9 cups-printerapp-2.4.6-1.6.mga9 lib(64)cups2-2.4.6-1.6.mga9 lib(64)cups2-devel-2.4.6-1.6.mga9 from SRPM: cups-2.4.6-1.6.mga9.src.rpm
Assignee: thierry.vignaud => qa-bugsStatus comment: Patches available from Debian and Ubuntu => (none)Status: NEW => ASSIGNED
OK here mga9-64, Plasma Updated packages, watched in log that server was restarted. Configured my new network printer using MCC, print test OK.
MGA9-64 server Plasma on Compaq H000SB. No installation issues. Used MCC - Hardware to remove my HP Envy 6022 AllinOne and reinstall it. Checked http://localhost:631/printers/? and find printer there. Scan works.
CC: (none) => herman.viaene
Keywords: (none) => advisory
CC: (none) => mageia
Tested with an HP Color Laserjet Pro M254dw. Printed two test pages, one from the HP Device Manager, the other from MCC. Both were good. Also printed a test page with the cups-pdf virtual printer to the desktop, learned it was set for US Legal paper, switched it to US Letter, and printed another test. Looks good. Also printed a test page with Foolishness, my Dell Inspiron 5100 32-bit Xfce computer, with no issues. Validating.
Whiteboard: (none) => MGA9-32-OK MGA9-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
ping
Flags: (none) => need_info?(dan)
This bug is blocked on bug 34800. If this package is supposed to be pushed now, that blocker needs to be changed/removed.
CC: (none) => dan
(In reply to Dan Fandrich from comment #7) > This bug is blocked on bug 34800. If this package is supposed to be pushed > now, that blocker needs to be changed/removed. I think the dependency is this bug blocks the other https://bugs.mageia.org/show_bug.cgi?id=34800#c35 > cups-2.4.6-1.6.mga9 should solve that issue. See bug 34900.
Depends on: 34800 => (none)Blocks: (none) => 34800
Flags: need_info?(dan) => (none)
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0001.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
The Mageia Updates repository now provides an update for this problem. https://advisories.mageia.org/MGASA-2026-0001.html https://blox-fruits.io
CC: (none) => vileamhealen
CC: vileamhealen => (none)