Lector de Feeds

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2173 , CVE-2025-2174 , CVE-2025-2175 , CVE-2025-2176 , CVE-2025-2177 Description A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2173). A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue(A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2176). A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2175). A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2177) A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue (CVE-2025-2174). References

• https://bugs.mageia.org/show_bug.cgi?id=34136
• https://ubuntu.com/security/notices/USN-7367-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2173
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2175
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2177

SRPMS 9/core

• zvbi-0.2.44-1.mga9

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2361 Description Mercurial SCM Web Interface cross site scripting. (CVE-2025-2361) References

• https://bugs.mageia.org/show_bug.cgi?id=34129
• https://www.openwall.com/lists/oss-security/2025/03/21/2
• https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html
• https://lists.debian.org/debian-security-announce/2025/msg00045.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2361

SRPMS 9/core

• mercurial-6.5.1-1.1.mga9

Publication date: 31 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-25260 , CVE-2025-1372 , CVE-2025-1377 Description elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. (CVE-2024-25260) GNU elfutils eu-readelf readelf.c print_string_section buffer overflow. (CVE-2025-1372) GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service. (CVE-2025-1377) References

• https://bugs.mageia.org/show_bug.cgi?id=34134
• https://ubuntu.com/security/notices/USN-7369-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25260
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1372
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1377

SRPMS 9/core

• elfutils-0.189-1.1.mga9

‎Step o: Verify new LocalSettings.php: 2025_03_28 codegazer added updated snippet from /etc/mediawiki/LocalSettings.php for moving from Mageia 8 to Mageia 9

← Older revision Revision as of 00:00, 29 March 2025 (2 intermediate revisions by the same user not shown)Line 3: Line 3:  This document describes steps for moving the content of a wiki from one server to another. This document describes steps for moving the content of a wiki from one server to another.  <br> <br> −This method has been tested moving a mediawiki (using mysql/mariadb and Apache) between Mageia 5 and Mageia 6 servers.+This method has been tested moving a mediawiki (using mysql/mariadb and Apache) between Mageia 5 and Mageia 6 servers (in 2017) and also between Mageia 8 and Mageia 9 servers (in 2025).     = Benefits = = Benefits = Line 633: Line 633:  The effect of this was that image files were not being displayed on the new server. The effect of this was that image files were not being displayed on the new server.    −I manually added the following snippet to the new server's /etc/mediawiki/LocalSettings.php and then the wiki content was presented correctly.+For the move between Mageia 5 and 6 in 2017 I manually added the following snippet to the new server's /etc/mediawiki/LocalSettings.php and then the wiki content was presented correctly.     <pre> <pre> Line 671: Line 671:     # END-OF-snippet from /etc/mediawiki/LocalSettings.php   # END-OF-snippet from /etc/mediawiki/LocalSettings.php    +</pre>  +  +For the move between Mageia 8 and 9 in 2025 I manually added the following snippet to the new server's /etc/mediawiki/LocalSettings.php and then the wiki content was presented correctly.  +  +<pre>  +# START-OF-snippet from /etc/mediawiki/LocalSettings.php follows:  +  +# End of automatically generated settings.  +# Add more configuration options below.  +  +##LOCAL - manually added extensions  +  +wfLoadExtension( 'Cite' );  +wfLoadExtension( 'Gadgets' );  +wfLoadExtension( 'ImageMap' );  +wfLoadExtension( 'InputBox' );  +wfLoadExtension( 'LocalisationUpdate' );  +wfLoadExtension( 'Nuke' );  +wfLoadExtension( 'ParserFunctions' );  +wfLoadExtension( 'Poem' );  +wfLoadExtension( 'Renameuser' );  +wfLoadExtension( 'SpamBlacklist' );  +wfLoadExtension( 'SyntaxHighlight_GeSHi' );  +wfLoadExtension( 'TitleBlacklist' );  +wfLoadExtension( 'WikiEditor' );  +  +# Add more configuration options below.  +  +$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'doc',  +        'xls', 'mpp', 'pdf', 'ppt', 'tiff', 'bmp', 'docx', 'xlsx',  +        'pptx', 'ps', 'odt', 'ods', 'odp', 'odg', 'zip', 'txt',  +        'mp3', 'mp4', 'wmv'  +        );  +  +# END-OF-snippet from /etc/mediawiki/LocalSettings.php  +  </pre> </pre>    Line 809: Line 845:     # find wiki database name from wiki config # find wiki database name from wiki config −wgDBname=$(grep wgDBname ${wiki_conf} | grep -v "^#" | sed -e "s/^.//" | cut -d\" -f2)+wgDBname=$(grep "^.wgDBname" ${wiki_conf} | grep -v "^#" | sed -e "s/^.//" | cut -d\" -f2)     # find wiki user name from wiki config # find wiki user name from wiki config Codegazer