Lector de Feeds

Publication date: 28 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description gnome-boxes can't redirect usb ports to guest systems, this is due missing requiriment on spice-gtk. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33445

SRPMS 9/core

• gnome-boxes-44.2-1.1.mga9

Publication date: 28 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1378 Description A vulnerability, which was classified as problematic, was found in radare2. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. References

• https://bugs.mageia.org/show_bug.cgi?id=34044
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6L3CRKPOLSYHPHW4QETC25D65CTE33EO/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1378

SRPMS 9/core

• radare2-5.8.8-1.5.mga9

correção em evita

← Older revision Revision as of 22:32, 27 February 2025 Line 39: Line 39:  Em vez de digitar o nome completo do comando ou diretório, digite as primeiras letras e pressione a tecla TAB (tabulação). Isso: Em vez de digitar o nome completo do comando ou diretório, digite as primeiras letras e pressione a tecla TAB (tabulação). Isso:  * economiza tempo; * economiza tempo; −* vita erros de digitação;   +* evita erros de digitação;     * atua como ajuda de memória, listando todas as possibilidades correspondentes às primeiras letras digitadas. * atua como ajuda de memória, listando todas as possibilidades correspondentes às primeiras letras digitadas.    Xgrind

The Brazilian forum no longer exists.

← Older revision Revision as of 22:23, 27 February 2025 Line 17: Line 17:  * Greek: http://www.mageia-gr.org/forum/ * Greek: http://www.mageia-gr.org/forum/  * Italian: http://mageiaitalia.org/forum * Italian: http://mageiaitalia.org/forum −* Portuguese: https://www.mageiadobrasil.com.br/forum/   * Russia: https://forum.mageia.org.ru/, https://linuxforum.ru/viewforum.php?id=80 * Russia: https://forum.mageia.org.ru/, https://linuxforum.ru/viewforum.php?id=80  * Spanish: https://blogdrake.net/foros * Spanish: https://blogdrake.net/foros Xgrind

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1390 Description pam_cap: Fix potential configuration parsing error. (CVE-2025-1390) References

• https://bugs.mageia.org/show_bug.cgi?id=34048
• https://ubuntu.com/security/notices/USN-7287-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1390

SRPMS 9/core

• libcap-2.52-5.1.mga9

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-57392 Description A buffer overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a denial of service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port. (CVE-2024-57392) References

• https://bugs.mageia.org/show_bug.cgi?id=34042
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E36XSNXDCOSSYTPKEMAEUAZ6QVQJTSFZ/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/C3HZA5IS6YXHXDULEZHLHWOVCC3IYNGP/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57392

SRPMS 9/core

• proftpd-1.3.8c-1.1.mga9

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26465 Description Machine-in-the-middle attack vulnerability if verifyhostkeydns is enabled. (CVE-2025-26465) References

• https://bugs.mageia.org/show_bug.cgi?id=34036
• https://openwall.com/lists/oss-security/2025/02/18/1
• https://openwall.com/lists/oss-security/2025/02/18/4
• https://lists.debian.org/debian-security-announce/2025/msg00030.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STTU3AYQZPT4FUMERJH7RQ3KH3TMQDUI/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GGMBNUMHNWAKKPCVKBQBXE7C4WSYOBAY/
• https://ubuntu.com/security/notices/USN-7270-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26465

SRPMS 9/core

• openssh-9.3p1-2.4.mga9

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21687 , CVE-2025-21688 , CVE-2025-21689 , CVE-2025-21690 , CVE-2025-21691 , CVE-2025-21692 , CVE-2025-21699 , CVE-2025-21700 , CVE-2025-21701 Description Upstream kernel version 6.6.79 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34023
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.75
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.76
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.77
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.78
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.79
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21687
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21688
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21689
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21690
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21692
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21700
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21701

SRPMS 9/core

• kernel-6.6.79-1.mga9
• kmod-virtualbox-7.0.24-67.mga9
• kmod-xtables-addons-3.24-73.mga9

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21687 , CVE-2025-21688 , CVE-2025-21689 , CVE-2025-21690 , CVE-2025-21691 , CVE-2025-21692 , CVE-2025-21699 , CVE-2025-21700 , CVE-2025-21701 Description Vanilla upstream kernel version 6.6.79 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34024
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.75
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.76
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.77
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.78
• https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.79
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21687
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21688
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21689
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21690
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21691
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21692
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21700
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21701

SRPMS 9/core

• kernel-linus-6.6.79-1.mga9

Publication date: 26 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0633 Description A heap-based buffer overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows an attacker to read out-of-bounds memory. (CVE-2025-0633) References

• https://bugs.mageia.org/show_bug.cgi?id=34047
• https://ubuntu.com/security/notices/USN-7286-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0633

SRPMS 9/core

• iniparser-4.1-4.1.mga9

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-25472 , CVE-2025-25474 , CVE-2025-25475 Description A buffer overflow in DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DCM file (CVE-2025-25472). DCMTK was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h (CVE-2025-25474). A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCMTK allows attackers to cause a Denial of Service (DoS) via a crafted DICOM file (CVE-2025-25475). References

• https://bugs.mageia.org/show_bug.cgi?id=34043
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VEIE5K5WMSCBUU2JDXY5E576NA36I3NC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25472
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25474
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25475

SRPMS 9/core

• dcmtk-3.6.7-4.4.mga9

Publication date: 25 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description These packages have a bogus requirement on python3-sip; trying to install these packages will cause conflicts if you have applications that require python3-sip6. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34014

SRPMS 9/core

• autohint-onoff-2.0-1.1.mga9
• enki-22.08.0-1.1.mga9
• pyzo-4.12.0-2.1.mga9
• meteo-qt-3.3-2.1.mga9