Lector de Feeds

Publication date: 19 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27151 , CVE-2023-41056 , CVE-2025-32023 , CVE-2025-48367 Description Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potentially Breaking / Behavior Changes: bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Client side tracking for scripts now tracks the keys that are read by the script instead of the keys that are declared by the caller of EVAL / FCALL (#11770) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Freeze time sampling during command execution and in scripts (#10300) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb When a blocked command is being unblocked, checks like ACL, OOM, etc are re-evaluated (#11012) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Unify ACL failure error message text and error codes (#11160) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Blocked stream command that's released when key no longer exists carries a different error code (#11012) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Command stats are updated for blocked commands only when / if the command actually executes (#11012) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb The way ACL users are stored internally no longer removes redundant command and category rules, which may alter the way those rules are displayed as part of `ACL SAVE`, `ACL GETUSER` and `ACL LIST` (#11224) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Client connections created for TLS-based replication use SNI if possible (#11458) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Stream consumers: Re-purpose seen-time, add active-time (#11099) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb XREADGROUP and X[AUTO]CLAIM create the consumer regardless of whether it was able to perform some reading/claiming (#11099) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb ACL default newly created user set sanitize-payload flag in ACL LIST/GETUSER #11279 bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Fix HELLO command not to affect the client state unless successful (#11659) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Normalize `NAN` in replies to a single nan type, like we do with `inf` (#11597) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Cluster SHARD IDs are no longer visible in the cluster nodes output, introduced in 7.2-RC1. (#10536, #12166) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb When calling PUBLISH with a RESP3 client that's also subscribed to the same channel, the order is changed and the reply is sent before the published message (#12326) References

• https://bugs.mageia.org/show_bug.cgi?id=34452
• https://github.com/redis/redis/releases/tag/7.2.10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27151
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41056
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32023
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48367

SRPMS 9/core

• redis-7.2.10-1.mga9

Publication date: 19 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-13176 , CVE-2024-9143 Description Miscellaneous minor bug fixes. References

• https://bugs.mageia.org/show_bug.cgi?id=34478
• https://openssl-library.org/news/secadv/20241016.txt
• https://openssl-library.org/news/secadv/20250120.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143

SRPMS 9/core

• quictls-3.0.17-1.mga9

Publication date: 19 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53367 Description An out-of-bounds write in the MMRDecoder::scanruns method was fixed. The vulnerability could be exploited to gain code execution on a Linux Desktop system when the user tries to open a crafted document. References

• https://bugs.mageia.org/show_bug.cgi?id=34423
• https://www.openwall.com/lists/oss-security/2025/07/03/1
• https://ubuntu.com/security/notices/USN-7631-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53367

SRPMS 9/core

• djvulibre-3.5.29-1.mga9

Publication date: 17 Jul 2025
Type: bugfix
Affected Mageia releases : 9
Description VBoxManage: Fixed a crash when running 'guestcontrol run' on Windows hosts (bug #22175) Audio: Fixed device switching on Windows hosts (bug #22267) Windows host installer: Fixed multiple installation entries in the 'Add or remove programs' dialog and upgrade issues Linux host: Fixed issue which caused VM Selector process crash due to missing libdl.so and libpthread.so libraries (bug #22193) Linux host: Removed libIDL as a build time dependency when building VirtualBox from source code (bug #21169) Linux guest and host: Added initial support for kernel 6.15 (bug #22420) Linux guest: Added initial support for kernel 6.16-RC0 Linux guest and host: Fixed issue with building modules for UEK8 kernel on Oracle Linux 9 distribution RDP: Fixed issue when it was not possible to paste clipboard buffer into a guest over RDP remote session References

• https://bugs.mageia.org/show_bug.cgi?id=34474
• https://www.virtualbox.org/wiki/Changelog-7.1#v10

SRPMS 9/core

• virtualbox-7.1.10-1.mga9
• kmod-virtualbox-7.1.10-4.mga9