Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia 9: 2025-0181 moderate: cockpit DoS attack resolution

mageia
Calendar Grey June 9, 2025
Dist Mageia Esm H88
Correction made for Mageia's cockpit vulnerability leading to potential DoS threats; login problem addressed in this patch.
Mageia's internal bug: In the current version you can't login in the web interface with firefox or chromium-browser packaged by Mageia

Summary

Mageia's internal bug: In the current version you can't login in the web interface with firefox or chromium-browser packaged by Mageia. This update fixes the issue, but it is reported that could need to reboot and clear cookies from your browser. A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack - CVE-2024-6126. Please note that you need to edit /etc/nsswitch.conf as recommended in https://bugs.mageia.org/show_bug.cgi?id=33368#c18.

References

- https://bugs.mageia.org/show_bug.cgi?id=33368

- https://www.cve.org/CVERecord?id=CVE-2024-6126

Resolution

SRPMS

- 9/core/cockpit-338-1.6.mga9

Publication date: 09 Jun 2025
URL: https://advisories.mageia.org/MGASA-2025-0181.html
Type: security
CVE: CVE-2024-6126

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here