Feed Reader
Bugsquad
← Older revision
Revision as of 19:36, 7 November 2025
(One intermediate revision by the same user not shown)
Line 57:
| Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' || | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||
|- |-
− | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com || || ||+ | José Alberto Valle Cid || katnatek || j.alberto.vc [at] gmail [dot] com || || ||
|- |-
− | Roelof Wobben || RoelofW || r.wobben@home.nl || || ||+ | Frank Sturm || sturmvogel || sturm-fr [at] web [dot] de || || ||
+ |-
+ | Frank Griffin || ftg || ftg [at] roadrunner [dot] com || || ||
|} |}
Lewyssmith
Categories: Mageia Wiki
MGASA-2025-0268 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53057, CVE-2025-53066

Description

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53057)

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53066)

References
- https://bugs.mageia.org/show_bug.cgi?id=34697
- https://access.redhat.com/errata/RHSA-2025:18815
- https://access.redhat.com/errata/RHSA-2025:18818
- https://access.redhat.com/errata/RHSA-2025:18821
- https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066
- java-1.8.0-openjdk-1.8.0.472.b08-1.mga9
- java-11-openjdk-11.0.29.0.7-1.mga9
- java-17-openjdk-17.0.17.0.10-1.mga9
- java-latest-openjdk-25.0.1.0.8-1.rolling.1.mga9
Categories: Security Updates
MGASA-2025-0267 - Updated sqlite3 packages fix security vulnerability
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6965

Description

Integer Truncation on SQLite. (CVE-2025-6965)

References
- https://bugs.mageia.org/show_bug.cgi?id=34626
- https://www.openwall.com/lists/oss-security/2025/09/06/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965
- sqlite3-3.40.1-1.3.mga9
Categories: Security Updates
MGASA-2025-0266 - Updated libvpx packages fix security vulnerability
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5283

Description

Double-free in libvpx encoder. (CVE-2025-5283)

References
- https://bugs.mageia.org/show_bug.cgi?id=34346
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFW4D73K3AUKLCFQCO3CMQVM3FH6SE6V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283
- libvpx-1.12.0-1.4.mga9
Categories: Security Updates
MGASA-2025-0265 - Updated dcmtk packages fix security vulnerabilities
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-9732

Description

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.

References
- https://bugs.mageia.org/show_bug.cgi?id=34718
- https://lists.debian.org/debian-lts-announce/2025/11/msg00006.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732
- dcmtk-3.6.7-4.6.mga9
Categories: Security Updates
MGAA-2025-0091 - Updated nvidia-current packages fix bug
Publication date: 07 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description

- Added support for YCbCr 4:2:2 display modes over HDMI Fixed Rate Link (FRL). This capability is only supported on Blackwell or later.
- Downgraded an error message "Failed to allocate NvKmsKapiDevice" to an informational message "NUMA was not set up yet; ignoring this device" when initializing nvidia-drm in cases where initialization is expected to fail due to NUMA not being online.
- Fixed a bug that caused interactive object outlines to not be rendered in Indiana Jones and the Great Circle.
- Fixed a regression introduced in the 575 driver series that caused GPUs to be powered on unnecessarily when processing redundant system power source notifications from the ACPI subsystem.

References

SRPMS

9/nonfree
- nvidia-current-580.95.05-1.mga9.nonfree
Categories: Security Updates
Bugsquad Portal
update team leaders
← Older revision Revision as of 19:33, 6 November 2025 Line 28: Line 28: * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list] * [https://ml.mageia.org/l/info/bugsquad-discuss the mageia-bugsquad mailing list] * Team leaders: * Team leaders: −** Aurelien Oudelet ''auroud85'' ouaurelien [at] gmail [dot] com ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net ** Lewis Smith ''lewyssmith'' lewyssmith[at]laposte[dot]net +** Marja van Waes ''marja'' marja11[at]freedom[dot]nl |- valign="top" |- valign="top" Marja
Categories: Mageia Wiki




