Lector de Feeds
MGASA-2025-0196 - Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6191 , CVE-2025-6192 Description Integer overflow in V8. (CVE-2025-6191) Use after free in Profiler. (CVE-2025-6192) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6191 , CVE-2025-6192 Description Integer overflow in V8. (CVE-2025-6191) Use after free in Profiler. (CVE-2025-6192) References
- https://bugs.mageia.org/show_bug.cgi?id=34386
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6191
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6192
- chromium-browser-stable-136.0.7103.113-3.mga9.tainted
Categorías: Actualizaciones de Seguridad
Becoming a Mageia Packager
Apprenticeship in progress
← Older revision Revision as of 19:53, 25 June 2025 Line 193: Line 193: | Template || Example || [https://ml.mageia.org 2021-02-14] || {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || {{yes|Done}} || 5/5<br>app1<br>app2<br>app3<br>app4<br>app5 || {{yes|Done}} || {{yes|Done}} || 10/10<br>app1 app2<br>app3 app4<br>app5 app6<br>app7 app8<br>app9 app10 || 2021-10-17<br>or<br>[https://ml.mageia.org {{yes|Done}} 2021-02-14] | Template || Example || [https://ml.mageia.org 2021-02-14] || {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || [https://bugs.mageia.org {{yes|Done}} || {{yes|Done}} || 5/5<br>app1<br>app2<br>app3<br>app4<br>app5 || {{yes|Done}} || {{yes|Done}} || 10/10<br>app1 app2<br>app3 app4<br>app5 app6<br>app7 app8<br>app9 app10 || 2021-10-17<br>or<br>[https://ml.mageia.org {{yes|Done}} 2021-02-14] |- |- −|AurelianR || DavidG ||[https://ml.mageia.org/l/arc/dev/2025-02/msg00006.html 2025-02-04] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || mingw-libgcrypt<br>ppsspp<br>vowpal-wabbit<br>zh-autoconvert<br>yodl<br>yencode<br>apr-utils<br>(and about a hundred more)|| {{yes|Done}} || {{yes|Done}} || tnef<br>vulkan-memory-allocator<br>dolphin-emu<br>virtuoso-opensource<br>mpich<br>xen<br>vde2<br>ntk<br>tkgate<br>sugar-artwork<br>fluxbox<br>kde-pdf-servicemenu+|AurelianR || DavidG ||[https://ml.mageia.org/l/arc/dev/2025-02/msg00006.html 2025-02-04] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || mingw-libgcrypt<br>ppsspp<br>vowpal-wabbit<br>zh-autoconvert<br>yodl<br>yencode<br>apr-utils<br>(and about a hundred more)|| {{yes|Done}} || {{yes|Done}} || tnef<br>vulkan-memory-allocator<br>dolphin-emu<br>virtuoso-opensource<br>mpich<br>xen<br>vde2<br>ntk<br>tkgate<br>sugar-artwork<br>fluxbox<br>kde-pdf-servicemenu<br>tcp_wrappers<br>goverlay<br>linphone stack |- |- | katnatek || papoteur || [https://ml.mageia.org/l/arc/dev/2023-10/msg00041.html 2023-10-11] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || lyx<br>mythtv<br>task-plasma5 (spectacle)<br>obconf<br>pidgin-googlechat || {{yes|Done}} || {{yes|Done}} || python-setuptools-git-versioning python-sphinxcontrib-jquery whatsie evdi awf-extended | katnatek || papoteur || [https://ml.mageia.org/l/arc/dev/2023-10/msg00041.html 2023-10-11] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || lyx<br>mythtv<br>task-plasma5 (spectacle)<br>obconf<br>pidgin-googlechat || {{yes|Done}} || {{yes|Done}} || python-setuptools-git-versioning python-sphinxcontrib-jquery whatsie evdi awf-extended Daviddavid
Categorías: Wiki de Mageia
Autobuild errors
cmake35
← Older revision Revision as of 19:38, 25 June 2025 Line 1: Line 1: The [https://pkgsubmit.mageia.org/autobuild/results.php Autobuild results page] highlights certain common errors encountered in the build in the ''Detected errors'' column. Usually, these result from new compiler versions or additional build-time checks that affect many packages and therefore make them worthwhile to highlight. This page gives information on the detected problems and hints about how to fix them. New checks may be added in [https://gitweb.mageia.org/software/infrastructure/autobuild/tree/bugscan.rb bugscan.rb] The [https://pkgsubmit.mageia.org/autobuild/results.php Autobuild results page] highlights certain common errors encountered in the build in the ''Detected errors'' column. Usually, these result from new compiler versions or additional build-time checks that affect many packages and therefore make them worthwhile to highlight. This page gives information on the detected problems and hints about how to fix them. New checks may be added in [https://gitweb.mageia.org/software/infrastructure/autobuild/tree/bugscan.rb bugscan.rb] + +== cmake35 == + +'''Problem''': Build aborts with the error message "Compatibility with CMake < 3.5 has been removed from CMake." + +'''Solution''': Update the VERSION argument ''<min>'' value (in CMakeLists.txt) IF the file is truly forwards-compatible. Or, use the ''<min>...<max>'' syntax to tell CMake that the project requires at least ''<min>'' but has been updated to work with policies introduced by ''<max>'' or earlier. Or, add ''-DCMAKE_POLICY_VERSION_MINIMUM=3.5'' to try configuring anyway. + +Added for mga10. == conflictstrl == == conflictstrl == Danf
Categorías: Wiki de Mageia
MGASA-2025-0195 - Updated nss & firefox packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5262 , CVE-2025-5263 , CVE-2025-5264 , CVE-2025-5266 , CVE-2025-5267 , CVE-2025-5268 , CVE-2025-5269 Description CVE-2025-5283: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. CVE-2025-5266: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. CVE-2025-5267: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. CVE-2025-5268: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-5269: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. We can't ship this update to armv7hl architecture, we are investigating the issue and will try to update firefox for armv7hl as soon as posible. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-5262 , CVE-2025-5263 , CVE-2025-5264 , CVE-2025-5266 , CVE-2025-5267 , CVE-2025-5268 , CVE-2025-5269 Description CVE-2025-5283: A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. CVE-2025-5266: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. CVE-2025-5267: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. CVE-2025-5268: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-5269: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. We can't ship this update to armv7hl architecture, we are investigating the issue and will try to update firefox for armv7hl as soon as posible. References
- https://bugs.mageia.org/show_bug.cgi?id=34337
- https://www.mozilla.org/en-US/firefox/128.11.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_112.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5262
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5263
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5264
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5267
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5268
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5269
- firefox-128.11.0-1.1.mga9
- firefox-l10n-128.11.0-1.mga9
- nss-3.112.0-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0194 - Updated yarnpkg packages fix security vulnerabilities
Publication date: 25 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2020-7677 , CVE-2021-43138 , CVE-2022-3517 , CVE-2024-37890 , CVE-2024-48949 , CVE-2022-37599 , CVE-2023-26136 , CVE-2023-46234 , CVE-2024-12905 , CVE-2024-4067 , CVE-2025-48387 Description CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in the yarn's bundled nodejs components are fixed too, see the references. References
Type: security
Affected Mageia releases : 9
CVE: CVE-2020-7677 , CVE-2021-43138 , CVE-2022-3517 , CVE-2024-37890 , CVE-2024-48949 , CVE-2022-37599 , CVE-2023-26136 , CVE-2023-46234 , CVE-2024-12905 , CVE-2024-4067 , CVE-2025-48387 Description CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers. CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification. CVE-2024-12905 yarnpkg: link following and path traversal via maliciously crafted tar file And other vulnerabilities in the yarn's bundled nodejs components are fixed too, see the references. References
- https://bugs.mageia.org/show_bug.cgi?id=33674
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UGLXZO6VIHGIITQTEUY5Q5YCAP2A4ZP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEDIJM7VQF4Q2L2KKQ6KJ2WZNR7AXYQD/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37890
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48949
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12905
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4067
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48387
- yarnpkg-1.22.22-0.10.9.2.1.mga9
Categorías: Actualizaciones de Seguridad
