Feed Reader

MGAA-2025-0046 - Updated mesa & vulkan-tools packages fix bug

Mageia Security - 9 May, 2025 - 21:35
Publication date: 09 May 2025
Type: bugfix
Affected Mageia releases: 9
Description:
  • WWE 2k23 small “artifacts”
  • Variable Rate Shading (VRS) produces very aliased results on RADV with an AMD gpu
  • Vulkan issues after sleeping on 9070 XT
  • ring gfx_0.0.0 timeout after waking from sleep - RX 9070
  • radeonsi: CL conformance test `vector_swizzle` fails since 177427877bb50ad7ba24abfa13e55a2684d804df
  • Random mesa crashes in kwin_wayland on a 6600XT
  • Patch to fix clinfo on rusticl
  • radv/aco: Ghost of Tsushima hangs and causes gpu resets on RDNA 3 GPU
  • mesa-vulkan-driver-git.x86_64 causes strange colored rectangle artifacts in Final Fantasy XIV
SRPMS:
9/core
  • mesa-25.0.5-1.mga9
  • vulkan-tools-1.3.231.1-1.1.mga9
9/tainted
  • mesa-25.0.5-1.mga9.tainted

SOP Version and Release freeze

Wiki Mageia - 9 May, 2025 - 09:11

How to enforce version freeze: Fix path

← Older revision Revision as of 08:11, 9 May 2025 Line 2: Line 2:     * take a checkout of puppet configuration * take a checkout of puppet configuration −* go to ''modules/buildsystem/templates''+* edit ''deployment/mga_buildsystem/manifests/config.pp'' −* edit ''submit-todo.conf''     −in ''checks/version/cauldron'' ( yaml hierarchy )+in the ''$cauldron_version_check'' object     * change mode from   * change mode from   −  mode: normal+  'mode' => 'normal'  to   to   −  mode: version_freeze+  'mode' => 'version_freeze'     * commit and push * commit and push Line 18: Line 17:  A Release Freeze is done similarly, but with A Release Freeze is done similarly, but with    −  mode: freeze+  'mode' => 'freeze'     == How to add someone to the list of users able to upload == == How to add someone to the list of users able to upload == Danf
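Review bot: the replacement line "in the ''$cauldron_version_check'' object" is left as a free-standing fragment between the "* edit ''deployment/mga_buildsystem/manifests/config.pp''" bullet and the "* change mode from" bullet, so the step list is interrupted at that point. Folding it into the edit bullet (for example "* edit ''deployment/mga_buildsystem/manifests/config.pp'', in the ''$cauldron_version_check'' object") would keep the procedure as one unbroken list of steps.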
Categories: Mageia Wiki

MGASA-2025-0151 - Updated thunderbird packages fix security vulnerabilities

Mageia Security - 8 May, 2025 - 19:51
Publication date: 08 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093
Description:
  • Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083)
  • Unsafe attribute access during XPath parsing. (CVE-2025-4087)
  • Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091)
  • Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10. (CVE-2025-4093)
SRPMS:
9/core
  • thunderbird-128.10.0-1.mga9
  • thunderbird-l10n-128.10.0-1.mga9

MGASA-2025-0150 - Updated firefox packages fix security vulnerabilities

Mageia Security - 8 May, 2025 - 19:51
Publication date: 08 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4083, CVE-2025-4087, CVE-2025-4091, CVE-2025-4093
Description:
  • A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083.
  • A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption, CVE-2025-4087.
  • Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code, CVE-2025-4091.
  • Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code, CVE-2025-4093.
SRPMS:
9/core
  • firefox-128.10.0-1.mga9
  • firefox-l10n-128.10.0-1.mga9

MGAA-2025-0045 - Updated yt-dlp packages fix bug

Mageia Security - 8 May, 2025 - 19:51
Publication date: 08 May 2025
Type: bugfix
Affected Mageia releases: 9
Description: Changes in YouTube's API make applications that use yt-dlp fail or even crash. This update fixes the issue.
SRPMS:
9/core
  • yt-dlp-2025.04.30-1.mga9

Vendored dependencies

Wiki Mageia - 7 May, 2025 - 10:12

See Also: Add Trustify

← Older revision Revision as of 09:12, 7 May 2025 Line 125: Line 125:  * [https://vuln.go.dev/ Go Vulnerability Database] * [https://vuln.go.dev/ Go Vulnerability Database]  * [https://guac.sh/ GUAC] SBOM management tool * [https://guac.sh/ GUAC] SBOM management tool  +* [https://github.com/trustification/trustify Trustify] SBOM management tool  * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM  * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM     [[Category:Packaging]] [[Category:Packaging]] Danf
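Review bot: the added Trustify entry reuses the exact description of the GUAC entry directly above it ("SBOM management tool"), so the See Also list gives no hint of how the two tools differ. A short distinguishing phrase on each entry would help a packager decide which one to look at.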
Categories: Mageia Wiki

MGASA-2025-0149 - Updated pam packages fix security vulnerability

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-10041
Description: libpam vulnerable to leaking hashed passwords. (CVE-2024-10041)
SRPMS:
9/core
  • pam-1.5.2-5.2.mga9

MGASA-2025-0148 - Updated graphicsmagick packages fix security vulnerabilities

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-32460
Description: GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. (CVE-2025-32460)
SRPMS:
9/core
  • graphicsmagick-1.3.40-1.2.mga9
9/tainted
  • graphicsmagick-1.3.40-1.2.mga9.tainted

MGASA-2025-0146 - Updated kernel-linus packages fix security vulnerabilities

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-53034, CVE-2025-21955, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969, CVE-2025-21970, CVE-2025-21971, CVE-2025-21975, CVE-2025-21978, CVE-2025-21979, CVE-2025-21980, CVE-2025-21981, CVE-2025-21986, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993, CVE-2025-21994, CVE-2025-21995, CVE-2025-21996, CVE-2025-21997, CVE-2025-21999, CVE-2025-22001, CVE-2025-22003, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008, CVE-2025-22009, CVE-2025-22010, CVE-2025-22013, CVE-2025-22014, CVE-2025-22015, CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027, CVE-2025-22029, CVE-2025-22033, CVE-2025-22035, CVE-2025-22038, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042, CVE-2025-22043, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047, CVE-2025-22048, CVE-2025-22049, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060, CVE-2025-22063, CVE-2025-22064, CVE-2025-22066, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22074, CVE-2025-22075, CVE-2025-22077, CVE-2025-22079, CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086, CVE-2025-22088, CVE-2025-22089, CVE-2025-22090, CVE-2025-22093, CVE-2025-22095, CVE-2025-22097, CVE-2025-22119, CVE-2025-23136, CVE-2025-23138, CVE-2025-37785, CVE-2025-37893, CVE-2025-38152, CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39728, CVE-2025-39735
Description: Vanilla upstream kernel version 6.6.88 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links.
SRPMS:
9/core
  • kernel-linus-6.6.88-1.mga9

MGASA-2025-0145 - Updated tomcat packages fix security vulnerabilities

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-31650, CVE-2025-31651
Description:
  • DoS via malformed HTTP/2 PRIORITY_UPDATE frame. (CVE-2025-31650)
  • Bypass of rules in Rewrite Valve. (CVE-2025-31651)
SRPMS:
9/core
  • tomcat-9.0.104-1.mga9

MGASA-2025-0144 - Updated fcgi packages fix security vulnerability

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-23016
Description: FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. (CVE-2025-23016)
SRPMS:
9/core
  • fcgi-2.4.0-22.1.mga9

MGASA-2025-0143 - Updated poppler packages fix security vulnerability

Mageia Security - 5 May, 2025 - 05:57
Publication date: 05 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-43903
Description: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. (CVE-2025-43903)
SRPMS:
9/core
  • poppler-23.02.0-1.6.mga9