Lector de Feeds

Publication date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-12817 , CVE-2025-12818 Description PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege. (CVE-2025-12817) PostgreSQL libpq undersizes allocations, via integer wraparound. (CVE-2025-12818) References

• https://bugs.mageia.org/show_bug.cgi?id=34752
• https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818

SRPMS 9/core

• postgresql15-15.15-1.mga9
• postgresql13-13.23-1.mga9

Publication date: 18 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42516 , CVE-2024-43204 , CVE-2024-47252 , CVE-2025-49630 , CVE-2025-23048 , CVE-2025-49812 , CVE-2025-53020 , CVE-2025-54090 Description HTTP response splitting. (CVE-2024-42516) SSRF with mod_headers setting Content-Type header. (CVE-2024-43204) mod_ssl error log variable escaping. (CVE-2024-47252) mod_proxy_http2 denial of service. (CVE-2025-49630) mod_ssl access control bypass with session resumption. (CVE-2025-23048) mod_ssl TLS upgrade attack. (CVE-2025-49812) HTTP/2 DoS by Memory Increase. (CVE-2025-53020) 'RewriteCond expr' always evaluates to true in 2.4.64. (CVE-2025-54090) You will find the update delay sometimes causes a failure; just restart the service after the update. References

• https://bugs.mageia.org/show_bug.cgi?id=34464
• https://www.openwall.com/lists/oss-security/2025/07/10/2
• https://www.openwall.com/lists/oss-security/2025/07/10/3
• https://www.openwall.com/lists/oss-security/2025/07/10/4
• https://www.openwall.com/lists/oss-security/2025/07/10/6
• https://www.openwall.com/lists/oss-security/2025/07/10/7
• https://www.openwall.com/lists/oss-security/2025/07/10/8
• https://www.openwall.com/lists/oss-security/2025/07/10/9
• https://www.openwall.com/lists/oss-security/2025/07/10/10
• https://www.openwall.com/lists/oss-security/2025/07/24/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54090

SRPMS 9/core

• apache-2.4.65-1.mga9

Publication date: 17 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13012 , CVE-2025-13013 , CVE-2025-13014 , CVE-2025-13015 , CVE-2025-13016 , CVE-2025-13017 , CVE-2025-13018 , CVE-2025-13019 , CVE-2025-13020 Description Race condition in the Graphics component. (CVE-2025-13012) Mitigation bypass in the DOM: Core & HTML component. (CVE-2025-13013) CVE-2025-13014: Use-after-free in the Audio/Video component. (CVE-2025-13014) Spoofing issue in Firefox. (CVE-2025-13015) Incorrect boundary conditions in the JavaScript: WebAssembly component. (CVE-2025-13016) Same-origin policy bypass in the DOM: Notifications component. (CVE-2025-13017) Mitigation bypass in the DOM: Security component. (CVE-2025-13018) Same-origin policy bypass in the DOM: Workers component. (CVE-2025-13019) Use-after-free in the WebRTC: Audio/Video component. (CVE-2025-13020) References

• https://bugs.mageia.org/show_bug.cgi?id=34742
• https://www.firefox.com/en-US/firefox/140.5.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13012
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13013
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13014
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13015
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13017
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13018
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13019
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13020

SRPMS 9/core

• firefox-140.5.0-1.mga9
• firefox-l10n-140.5.0-1.mga9

Publication date: 17 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu version 72 with icu version 73 to use an icu version with security fixes. These packages are the last set; after these updates there should not be packages that depend on icu version 72 in your system. If you find you can't run (change lib64 to lib in 32bit system): LC_ALL=C urpme lib64icu72 without uninstalling packages in your system, please report. References

• https://bugs.mageia.org/show_bug.cgi?id=34740

SRPMS 9/core

• gnome-builder-44.2-1.1.mga9
• gnucash-5.3-1.1.mga9
• kdeplasma-addons-5.27.10-1.1.mga9
• evolution-data-server-3.48.3-1.1.mga9
• kbibtex-0.10.0-3.1.mga9
• geary-43.0-3.1.mga9

Publication date: 17 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description We are rebuilding packages requiring icu version 72 with icu version 73 to use an icu version with security fixes. These packages are the third set. References

• https://bugs.mageia.org/show_bug.cgi?id=34730

SRPMS 9/core

• gspell-1.12.1-1.1.mga9
• libcdr-0.1.7-5.1.mga9
• 0ad-0.0.26-3.1.mga9
• c-icap-modules-classify-20180416-15.1.mga9
• enchant2-2.3.3-2.1.mga9
• gnustep-base-1.28.0-2.1.mga9
• gnustep-gui-0.28.0-10.1.mga9
• konsole-23.04.3-1.1.mga9
• qtwebengine5-5.15.10-8.1.mga9
• qtwebengine6-6.4.1-5.1.mga9
• performous-1.2.0-6.1.mga9
• plasma-workspace-5.27.10-1.3.mga9
• R-base-4.3.3-1.1.mga9
• scribus-1.5.8-11.1.mga9
• strawberry-1.0.17-1.1.mga9
• subtitlecomposer-0.7.1-3.1.mga9
• mpd-0.23.11-4.1.mga9

9/tainted

• mpd-0.23.11-4.1.mga9.tainted

Publication date: 17 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description It appears there has been a rollout for the WEB client where YouTube has removed the playback links for adaptiveFormats in the player response. This leaves only the SABR streaming URL for playback (which is what YouTube has been using for a while now) References

• https://bugs.mageia.org/show_bug.cgi?id=34750
• https://github.com/yt-dlp/yt-dlp/issues/12482

SRPMS 9/core

• python-packaging-24.2-1.mga9
• python-hatchling-1.27.0-1.mga9
• yt-dlp-2025.11.12-1.mga9

Publication date: 17 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description The kvm modules are now preloaded at boot, and thus it conflicts with vbox modules. This version has a fix that rmmod the kvm module before starting virtualbox VMs References

• https://bugs.mageia.org/show_bug.cgi?id=34408
• https://www.virtualbox.org/wiki/Changelog-7.1
• https://www.virtualbox.org/ticket/22248
• https://github.com/VirtualBox/virtualbox/issues/372

SRPMS 9/core

• virtualbox-7.1.14-2.mga9
• kmod-virtualbox-7.1.14-12.mga9

‎On guests: link to bug.

← Older revision Revision as of 00:12, 17 November 2025 Line 34: Line 34:  On the guest, if it is Mageia, make sure {{prog|virtualbox-guest-additions}} is installed. Mageia installer normally detects if it is run inside VirtualBox and installs it automatically, but check! This provides the guest with the ability to share files and sync time with the host. Also, you need to add the guest system user to group vboxsf if you want folder sharing with host to work (or else only root can access them). On the guest, if it is Mageia, make sure {{prog|virtualbox-guest-additions}} is installed. Mageia installer normally detects if it is run inside VirtualBox and installs it automatically, but check! This provides the guest with the ability to share files and sync time with the host. Also, you need to add the guest system user to group vboxsf if you want folder sharing with host to work (or else only root can access them).    −For Microsoft Windows guests, after install, in the running guest virtual screen window: menu {{Menu|Devices -> Insert CD image of guest additions}}, and have the guest install it. (VirtualBox may download it automatically from Oracle if needed.)+For Microsoft Windows guests, after install, in the running guest virtual screen window: menu {{Menu|Devices -> Insert CD image of guest additions}}, and have the guest install it. (VirtualBox may download it automatically from Oracle if needed.) Here are often various quirks, see {{Bug|18962}}     == Reaching Documentation == == Reaching Documentation == Morgano