Lector de Feeds

Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-51714 , CVE-2024-25580 , CVE-2024-39936 Description network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check. (CVE-2023-51714) A buffer overflow and application crash can occur via a crafted KTX image file. (CVE-2024-25580) Code to make security-relevant decisions about an established connection may execute too early, because the encrypted() signal has not yet been emitted and processed. (CVE-2024-39936) References

• https://bugs.mageia.org/show_bug.cgi?id=33159
• https://lwn.net/Articles/971686/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVCBTKX6LVBTP6UEJQZ2PENI2KATSRJK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25580
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39936

SRPMS 9/core

• qtbase5-5.15.7-6.1.mga9
• qtbase6-6.4.1-5.1.mga9

Publication date: 09 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1009 , CVE-2025-1010 , CVE-2025-1011 , CVE-2025-1012 , CVE-2024-11704 , CVE-2025-1013 , CVE-2025-1014 , CVE-2025-1016 , CVE-2025-1017 Description Use-after-free in XSLT. (CVE-2025-1009) Use-after-free in Custom Highlight. (CVE-2025-1010) A bug in WebAssembly code generation could result in a crash. (CVE-2025-1011) Use-after-free during concurrent delazification. (CVE-2025-1012) Potential double-free vulnerability in PKCS#7 decryption handling. (CVE-2024-11704) Potential opening of private browsing tabs in normal browsing windows. (CVE-2025-1013) Certificate length was not properly checked. (CVE-2025-1014) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7. (CVE-2025-1016) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. (CVE-2025-1017) References

• https://bugs.mageia.org/show_bug.cgi?id=33983
• https://www.mozilla.org/en-US/firefox/128.7.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_108.html#mozilla-projects-nss-nss-3-108-release-notes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017

SRPMS 9/core

• rootcerts-20250130.00-1.mga9
• nss-3.108.0-1.mga9
• firefox-128.7.0-1.mga9
• firefox-l10n-128.7.0-1.mga9

To do a good job, we need good tools. Some of our servers are old, no longer powerful enough and have limited disk resources to meet the needs of developers. RPM manufacturing takes a long time and this is detrimental to the efficiency of maintaining and evolving the distribution. In short, the machines are well depreciated.

This is why our infrastructure is first getting a makeover. Better adapted to new technologies, it will allow our developers to work faster and more efficiently.

So where is this new infrastructure?

 We received 5 new servers:

– 2 new nodes for building packages: HPE ProLiant DL 360 Gen10 – 2xXeon 6126 (12C/2.6GHz) –

256GB RAM – 2xSSD 3.8TB HW Raid 1 – 2x10Gb/s NICs

– 2 servers to replace sucuk and duvel: HPE ProLiant DL 380 Gen10 – 2 Xeon 6126 (12C/2.6GHz) –

256GB RAM – 2xSSD 3.8TB HW Raid 1 – 10xHDD 12TB HW Raid 5 – 2x10Gb/s NICs

– 1 server for deployment and backup: HPE ProLiant DL80 Gen9 – 2xXeon  E5-2603v4

(6C/1.7GHz) – 256GB RAM – 6xHDD 6TB (donated, with some renewed parts)

– 1 Arista 7120T switch 20xRJ-45 10Gb/s 4xSFP+ 10Gb/s for interconnecting the machines

One of the ideas is to use the latest server to deploy quickly and as automatically as possible the construction nodes and other machines. The method is ready for x86_64 nodes and is being finalized for ARM nodes. The preparation of the servers takes time because the teams anticipate the future and future developments.

Once the preparation part of our servers is finished, the integration part into the Data Center will remain.

We are therefore taking our time to do things well in order to perpetuate the future and future versions of Mageia.

In the meantime, the future version 10 of Mageia continues to bubble in its cauldron! But we are not ready yet to plan a release date for the moment.

Feel free to come and strengthen our teams.

Para hacer un buen trabajo, necesitamos buenas herramientas. Algunos de nuestros servidores son viejos, ya no son lo bastante potentes y tienen recursos de disco limitados para satisfacer las necesidades de los desarrolladores. Se tarda mucho en producir los RPM, lo que va en detrimento de la eficacia del mantenimiento y la actualización de la distribución. En resumen, las máquinas están bien amortizadas.

Es por eso que nuestra infraestructura está recibiendo un lavado de cara. Más adaptada a las nuevas tecnologías, permitirá a nuestros desarrolladores trabajar de forma más rápida y eficaz. ¿Cuál es el estado de esta nueva infraestructura? Hemos recibido 5 nuevos servidores:

· 2 nuevos nodos de construcción de paquetes: HPE ProLiant DL 360 Gen10 – 2xXeon 6126 (12C/2.6GHz) – 256GB RAM – 2xSSD 3.8TB HW Raid 1 – 2x10Gb/s NICs.

· 2 servidores para reemplazar sucuk y duvel: HPE ProLiant DL 380 Gen10 – 2 Xeon 6126 (12C/2.6GHz) – 256GB RAM – 2xSSD 3.8TB HW Raid 1 – 10xHDD 12TB HW Raid 5 – 2x10Gb/s NICs.

· 1 servidor de despliegue y copia de seguridad: HPE ProLiant DL80 Gen9 – 2xXeon E5-2603v4 (6C/1.7GHz) – 256GB RAM – 6xHDD 6TB (una donación, con algunas partes renovadas)

· 1 switch Arista 7120T 20xRJ-45 10Gb/s 4xSFP+ 10Gb/s para interconectar las máquinas.

El plan es utilizar el último servidor para desplegar los nodos de construcción y el resto de máquinas de forma rápida y lo más automática posible. El método está listo para los nodos x86_64 y se está ultimando para los nodos ARM (servidores remotos). La preparación de los servidores lleva su tiempo, ya que nuestros equipos se anticipan al futuro y a los futuros desarrollos.

Una vez finalizada la preparación de nuestros servidores, el siguiente paso será integrarlos en el Centro de Datos. Por lo tanto, nos estamos tomando nuestro tiempo para hacer las cosas bien y poder asegurar el futuro y las futuras versiones de Mageia. Por el momento, no publicamos una fecha de lanzamiento provisional para Mageia 10.

Mientras tanto, ¡la futura versión 10 de Mageia sigue burbujeando en su caldero!

No dudes en unirte a nuestros equipos.

In Mageia/9/x86_64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/aarch64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/armv7hl: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/i586: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/cauldron/x86_64: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.

In Mageia/cauldron/i586: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.

In Mageia/cauldron/x86_64: Rdfind is a program that finds duplicate files. It is useful for compressing backup directories or just finding duplicate files. It compares files based on their content, NOT on their file names.

In Mageia/cauldron/i586: Rdfind is a program that finds duplicate files. It is useful for compressing backup directories or just finding duplicate files. It compares files based on their content, NOT on their file names.

In Mageia/cauldron/x86_64: Unifont is a Unicode font with a glyph for every visible Unicode Basic Multilingual Plane code point and more, with supporting utilities to modify the font. This package contains tools and glyph descriptions.

In Mageia/cauldron/i586: Unifont is a Unicode font with a glyph for every visible Unicode Basic Multilingual Plane code point and more, with supporting utilities to modify the font. This package contains tools and glyph descriptions.

In Mageia/cauldron/i586: RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS (Concurrent Version System) or Subversion to maintain history of changes. RANCID does this by the very simple process summarized here: * login to each device in the router table (router.db), * run various commands to get the information that will be saved, * cook the output; re-format, remove oscillating or incrementing data, * email any differences (sample) from the previous collection to a mail list, * and finally commit those changes to the revision control system RANCID also includes looking glass software. It is based on Ed Kern's looking glass which was once used for http://nitrous.digex.net/, for the old-school folks who remember it. Our version has added functions, supports Cisco, Juniper, and Foundry and uses the login scripts that come with rancid; so it can use telnet or ssh to connect to your devices(s). Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP Procurve switches and a host of others. Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America, Certainty Solutions Inc.

In Mageia/cauldron/x86_64: RANCID monitors a router's (or more generally a device's) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS (Concurrent Version System) or Subversion to maintain history of changes. RANCID does this by the very simple process summarized here: * login to each device in the router table (router.db), * run various commands to get the information that will be saved, * cook the output; re-format, remove oscillating or incrementing data, * email any differences (sample) from the previous collection to a mail list, * and finally commit those changes to the revision control system RANCID also includes looking glass software. It is based on Ed Kern's looking glass which was once used for http://nitrous.digex.net/, for the old-school folks who remember it. Our version has added functions, supports Cisco, Juniper, and Foundry and uses the login scripts that come with rancid; so it can use telnet or ssh to connect to your devices(s). Rancid currently supports Cisco routers, Juniper routers, Catalyst switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd), Alteon switches, and HP Procurve switches and a host of others. Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America, Certainty Solutions Inc.