Lector de Feeds
MGASA-2025-0207 - Updated firefox packages fix security vulnerabilities
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases : 9
Description Suggested Advisory The last packaged version for armv7hl was 115.13.0, so from the point of view of the armv7hl architecture, this is a Security Advisory and fixes a lot of CVEs; see the linked Security Advisories below. https://advisories.mageia.org/MGASA-2024-0325.html https://advisories.mageia.org/MGASA-2024-0331.html https://advisories.mageia.org/MGASA-2024-0349.html https://advisories.mageia.org/MGASA-2024-0383.html https://advisories.mageia.org/MGASA-2025-0009.html https://advisories.mageia.org/MGASA-2025-0045.html https://advisories.mageia.org/MGASA-2025-0092.html https://advisories.mageia.org/MGASA-2025-0125.html https://advisories.mageia.org/MGASA-2025-0150.html https://advisories.mageia.org/MGASA-2025-0165.html https://advisories.mageia.org/MGASA-2025-0195.html https://advisories.mageia.org/MGASA-2025-0201.html For the remaining architectures, this is just a bump in the release subversion. We understand it can be upsetting to get an update that does not fix or improve something, but as part of quality assurance the packages of a piece of software should be built from the same source rpm for all the architectures. References SRPMS 9/core
Type: security
Affected Mageia releases : 9
Description Suggested Advisory The last packaged version for armv7hl was 115.13.0, so from the point of view of the armv7hl architecture, this is a Security Advisory and fixes a lot of CVEs; see the linked Security Advisories below. https://advisories.mageia.org/MGASA-2024-0325.html https://advisories.mageia.org/MGASA-2024-0331.html https://advisories.mageia.org/MGASA-2024-0349.html https://advisories.mageia.org/MGASA-2024-0383.html https://advisories.mageia.org/MGASA-2025-0009.html https://advisories.mageia.org/MGASA-2025-0045.html https://advisories.mageia.org/MGASA-2025-0092.html https://advisories.mageia.org/MGASA-2025-0125.html https://advisories.mageia.org/MGASA-2025-0150.html https://advisories.mageia.org/MGASA-2025-0165.html https://advisories.mageia.org/MGASA-2025-0195.html https://advisories.mageia.org/MGASA-2025-0201.html For the remaining architectures, this is just a bump in the release subversion. We understand it can be upsetting to get an update that does not fix or improve something, but as part of quality assurance the packages of a piece of software should be built from the same source rpm for all the architectures. References SRPMS 9/core
- firefox-128.12.0-1.4.mga9
- firefox-l10n-128.12.0-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0206 - Updated gnupg2 packages fix security vulnerabilities
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases : 9
Description Key validity not computed when key is certified by a trusted "certify-only" key (regression due to patch for CVE-2025-30258) References SRPMS 9/core
Type: security
Affected Mageia releases : 9
Description Key validity not computed when key is certified by a trusted "certify-only" key (regression due to patch for CVE-2025-30258) References SRPMS 9/core
- gnupg2-2.3.8-1.4.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0205 - Updated golang packages fix security vulnerabilities
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4674 Description Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands, if said directory contains multiple VCS configuration metadata (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4674 Description Various uses of the Go toolchain in untrusted VCS repositories can result in unexpected code execution. When using the Go toolchain in directories fetched using various VCS tools (such as directly cloning Git or Mercurial repositories) can cause the toolchain to execute unexpected commands, if said directory contains multiple VCS configuration metadata (such as a '.hg' directory in a Git repository). This is due to how the Go toolchain attempts to resolve which VCS is being used in order to embed build information in binaries and determine module versions. References
- https://bugs.mageia.org/show_bug.cgi?id=34456
- https://www.openwall.com/lists/oss-security/2025/07/08/5
- https://github.com/golang/go/issues/74382
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4674
- golang-1.24.5-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0204 - Updated dpkg packages fix security vulnerabilities
Publication date: 11 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6297 Description It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6297 Description It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. References
- https://bugs.mageia.org/show_bug.cgi?id=34441
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FNSLEIUKJQUM5CTEBYJAKWDXADY2FDTH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6297
- dpkg-1.22.21-1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2025-0067 - Updated nss packages fix bug
Publication date: 11 Jul 2025
Type: bugfix
Affected Mageia releases : 9
Description pretrans scripts are run before any package installation is run, as such the scripts must not depend on any interpreter/only lua is allowed. The problem occurs when creating livecd or similar chroots from scratch, then the pretrans script fails because there is nothing that would provide /bin/sh to run the script. This update fixes the reported issue. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description pretrans scripts are run before any package installation is run, as such the scripts must not depend on any interpreter/only lua is allowed. The problem occurs when creating livecd or similar chroots from scratch, then the pretrans script fails because there is nothing that would provide /bin/sh to run the script. This update fixes the reported issue. References SRPMS 9/core
- nss-3.113.0-1.1.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2025-0066 - Updated blender packages fix bug
Publication date: 11 Jul 2025
Type: bugfix
Affected Mageia releases : 9
Description The 32bit blender version comes with a wrapper script which automatically select between a sse (pentium4 and above) or non-sse (pentium) flavours. Unfortunately this script at some point lost the executable permission in the SPEC file. This update fixes the reported issue and bring new version of blender. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description The 32bit blender version comes with a wrapper script which automatically select between a sse (pentium4 and above) or non-sse (pentium) flavours. Unfortunately this script at some point lost the executable permission in the SPEC file. This update fixes the reported issue and bring new version of blender. References SRPMS 9/core
- blender-3.3.21-1.mga9
Categorías: Actualizaciones de Seguridad
Becoming a Mageia Packager
Done AurelianR
← Older revision Revision as of 12:55, 10 July 2025 Line 191: Line 191: | Seminar 2 || Update || 10 Packages || Graduation email<br>Or last update | Seminar 2 || Update || 10 Packages || Graduation email<br>Or last update |- style="background-color:#eee;" |- style="background-color:#eee;" −| Template || Example || [https://ml.mageia.org 2021-02-14] || {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || {{yes|Done}} || 5/5<br>app1<br>app2<br>app3<br>app4<br>app5 || {{yes|Done}} || {{yes|Done}} || 10/10<br>app1 app2<br>app3 app4<br>app5 app6<br>app7 app8<br>app9 app10 || 2021-10-17<br>or<br>[https://ml.mageia.org {{yes|Done}} 2021-02-14]+| Template || Example || [https://ml.mageia.org 2021-02-14] || {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || {{yes|Done}} || 5/5<br>app1<br>app2<br>app3<br>app4<br>app5 || {{yes|Done}} || {{yes|Done}} || 10/10<br>app1 app2<br>app3 app4<br>app5 app6<br>app7 app8<br>app9 app10 || 2021-10-17<br>or<br>[https://ml.mageia.org {{yes|Done}} 2021-02-14 |- |- −|AurelianR || DavidG ||[https://ml.mageia.org/l/arc/dev/2025-02/msg00006.html 2025-02-04] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || mingw-libgcrypt<br>ppsspp<br>vowpal-wabbit<br>zh-autoconvert<br>yodl<br>yencode<br>apr-utils<br>(and about a hundred more)|| {{yes|Done}} || {{yes|Done}} || tnef<br>vulkan-memory-allocator<br>dolphin-emu<br>virtuoso-opensource<br>mpich<br>xen<br>vde2<br>ntk<br>tkgate<br>sugar-artwork<br>fluxbox<br>kde-pdf-servicemenu<br>tcp_wrappers<br>goverlay<br>linphone stack+|AurelianR || DavidG ||[https://ml.mageia.org/l/arc/dev/2025-02/msg00006.html 2025-02-04] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || mingw-libgcrypt<br>ppsspp<br>vowpal-wabbit<br>zh-autoconvert<br>yodl<br>yencode<br>apr-utils<br>(and about a hundred more)|| {{yes|Done}} || {{yes|Done}} || tnef<br>vulkan-memory-allocator<br>dolphin-emu<br>virtuoso-opensource<br>mpich<br>xen<br>vde2<br>ntk<br>tkgate<br>sugar-artwork<br>fluxbox<br>kde-pdf-servicemenu<br>tcp_wrappers<br>goverlay<br>linphone stack || [https://ml.mageia.org/l/arc/dev/2025-07/msg00146.html {{yes|Done}} 2025-07-09 |- |- | katnatek || papoteur || [https://ml.mageia.org/l/arc/dev/2023-10/msg00041.html 2023-10-11] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || lyx<br>mythtv<br>task-plasma5 (spectacle)<br>obconf<br>pidgin-googlechat || {{yes|Done}} || {{yes|Done}} || python-setuptools-git-versioning python-sphinxcontrib-jquery whatsie evdi awf-extended | katnatek || papoteur || [https://ml.mageia.org/l/arc/dev/2023-10/msg00041.html 2023-10-11] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || lyx<br>mythtv<br>task-plasma5 (spectacle)<br>obconf<br>pidgin-googlechat || {{yes|Done}} || {{yes|Done}} || python-setuptools-git-versioning python-sphinxcontrib-jquery whatsie evdi awf-extended Papoteur
Categorías: Wiki de Mageia
