Lector de Feeds
Webservices passwords
Google, Gandi, Tumblr, Oracle, MADB, Scaleway
← Older revision Revision as of 19:06, 28 May 2025 Line 1: Line 1: [[Category:Sysadmin]] [[Category:Sysadmin]] −Add here each webservice we use, and who has the login and password :+Add here each webservice we use, and who has the login and password: * [https://bsky.app/profile/mageialinux.bsky.social bluesky]: codegazer * [https://bsky.app/profile/mageialinux.bsky.social bluesky]: codegazer * [http://cia.vc/stats/project/Mageia cia.vc]: ? * [http://cia.vc/stats/project/Mageia cia.vc]: ? * [https://www.dailymotion.com/tilalo-Mageia DailyMotion]: dams/boklm/ennael/rda/rtp * [https://www.dailymotion.com/tilalo-Mageia DailyMotion]: dams/boklm/ennael/rda/rtp −* [https://www.scaleway.com/en/dedibox/ Dedibox] ( rabbit ): misc, ennael+* [https://www.scaleway.com/en/dedibox/ Dedibox/Scaleway] (rabbit): misc, ennael * [https://dlvrit.com/ dlvr.it]: dams/boklm/ennael/rda/rtp * [https://dlvrit.com/ dlvr.it]: dams/boklm/ennael/rda/rtp * [https://hub.docker.com/_/mageia Docker Hub]: juancho * [https://hub.docker.com/_/mageia Docker Hub]: juancho Line 12: Line 12: * [https://www.gandi.net/ Gandi] DNS: neoclust/pterjan/dams/boklm/ennael/rda/rtp * [https://www.gandi.net/ Gandi] DNS: neoclust/pterjan/dams/boklm/ennael/rda/rtp * [https://www.gandi.net/ Gandi] VM: dams/boklm/ennael/rda/rtp * [https://www.gandi.net/ Gandi] VM: dams/boklm/ennael/rda/rtp −* [https://plus.google.com/+mageia Google]: dams/boklm/ennael/rda/rtp+* [https://www.gandi.net/ Gandi] certificates: neoclust +* [https://plus.google.com/+mageia Google+]: dams/boklm/ennael/rda/rtp +* Google apikeys: pterjan * [https://identi.ca/mageia identica]: dams/boklm/ennael/rda/rtp * [https://identi.ca/mageia identica]: dams/boklm/ennael/rda/rtp * [https://www.linkedin.com/company/mageia.org LinkedIn]: ? * [https://www.linkedin.com/company/mageia.org LinkedIn]: ? −* [https://matrix.to/#/#mageia-space:matrix.org matrix.org]: ngompa, neoclust, akien+* [https://matrix.to/#/#mageia-space:matrix.org matrix.org]: ngompa/neoclust/akien +* [https://www.oracle.com/cloud/compute/ Oracle cloud (ociaa1)]: pterjan * [https://www.ovhcloud.com/ OVH DNS] ([http://bonjourmageia.fr bonjourmageia.fr]): ? * [https://www.ovhcloud.com/ OVH DNS] ([http://bonjourmageia.fr bonjourmageia.fr]): ? −* [https://www.mageialinux-online.com/ nFrance (madb)]: jybz/vouf+* [https://www.mageialinux-online.org/ nFrance (madb)]: jybz/vouf/papoteur −* tumbler account (bonjourmageia): dams/boklm/ennael/rda/rtp+* [https://www.tumblr.com/bonjourmageia Tumbler]: dams/boklm/ennael/rda/rtp * [https://twitter.com/mageia_org X/Twitter]: dams/boklm/ennael/rda/rtp * [https://twitter.com/mageia_org X/Twitter]: dams/boklm/ennael/rda/rtp * [https://wordpress.com/ wordpress.com]: neoclust * [https://wordpress.com/ wordpress.com]: neoclust Line 24: Line 27: * [https://www.youtube.com/@MageiaLinux YouTube]: dams/boklm/ennael/rda/rtp * [https://www.youtube.com/@MageiaLinux YouTube]: dams/boklm/ennael/rda/rtp −A few credentials are available to those with root on duvel in /etc/puppet/extdata/common.csv+A few of these credentials are available to sysadmins with root on duvel in /etc/puppet/extdata/common.csv == See also == == See also == [[Who has power-rights-credentials?]] [[Who has power-rights-credentials?]] Danf
Categorías: Wiki de Mageia
MGASA-2025-0168 - Updated thunderbird packages fix security vulnerabilities
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3875 , CVE-2025-3877 , CVE-2025-3909 , CVE-2025-3932 , CVE-2025-4918 , CVE-2025-4919 Description Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments Bypassed Remote Content Blocking. (CVE-2025-3932) Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3875 , CVE-2025-3877 , CVE-2025-3909 , CVE-2025-3932 , CVE-2025-4918 , CVE-2025-4919 Description Sender Spoofing via Malformed From Header in Thunderbird. (CVE-2025-3875) Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. (CVE-2025-3877) JavaScript Execution via Spoofed PDF Attachment and file:/// Link. (CVE-2025-3909) Tracking Links in Attachments Bypassed Remote Content Blocking. (CVE-2025-3932) Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References
- https://bugs.mageia.org/show_bug.cgi?id=34288
- https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/
- https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3875
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3909
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3932
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919
- thunderbird-128.10.2-1.mga9
- thunderbird-l10n-128.10.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0167 - Updated sqlite3 packages fix security vulnerability
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29088 Description In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. (CVE-2025-29088) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-29088 Description In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect. (CVE-2025-29088) References
- https://bugs.mageia.org/show_bug.cgi?id=34217
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DUNGXGTRJGRYS2XF6QS2CZPSWAF5HHVJ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29088
- sqlite3-3.40.1-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0166 - Updated open-vm-tools packages fix security vulnerability
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22247 Description VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22247 Description VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. (CVE-2025-22247) References
- https://bugs.mageia.org/show_bug.cgi?id=34271
- https://www.openwall.com/lists/oss-security/2025/05/12/2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDQBVVMNJB6EXDLSUNBCHZTNRBLXJEFU/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247
- open-vm-tools-12.3.5-2.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0165 - Updated rootcerts, nss & firefox packages fix security vulnerabilities
Publication date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4918 , CVE-2025-4919 Description Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4918 , CVE-2025-4919 Description Out-of-bounds access when resolving Promise objects. (CVE-2025-4918) Out-of-bounds access when optimizing linear sums. (CVE-2025-4919) References
- https://bugs.mageia.org/show_bug.cgi?id=34287
- https://www.mozilla.org/en-US/firefox/128.10.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_111.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4918
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919
- rootcerts-20250424.00-1.mga9
- nss-3.111.0-1.mga9
- firefox-128.10.1-2.mga9
- firefox-l10n-128.10.1-1.mga9
Categorías: Actualizaciones de Seguridad
Mageia 9 Errata
Various software: update aegisub
← Older revision Revision as of 17:53, 27 May 2025 Line 357: Line 357: {{Bug|32806}} - '''rtorrent''' crash (and gets automatically restarted). Upstream. {{Bug|32806}} - '''rtorrent''' crash (and gets automatically restarted). Upstream. −{{Bug|33330}} - '''aegisub crashes at start in wayland session. - WORKAROUND:''' Start it from command line this way: {{cmd|<nowiki>env GDK_BACKEND=x11 aegisub</nowiki>}}. +'''FIXED BY [https://advisories.mageia.org/MGAA-2025-0055.html UPDATE]''' {{Bug|33330}} - '''aegisub''' crashes at start in wayland session. '''FIXED BY UPDATE''' {{Bug|33366}} - After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{folder|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{folder|~/.cache/KDE/neochat}}. '''FIXED BY UPDATE''' {{Bug|33366}} - After first run '''neochat''' in light desktops can't start a new session once you quit from application icon in taskbar. It is fixed in the update, but if you already bite by this you note still can't start a new session, I hope you have your account data because you need to remove {{folder|~/.local/share/KDE/neochat}}, {{file|~/.config/neochatrc}}, {{file|~/.config/KDE/neochat.conf}}, {{folder|~/.cache/KDE/neochat}}. Katnatek
Categorías: Wiki de Mageia
MGAA-2025-0055 - Updated aegisub packages fix bug
Publication date: 26 May 2025
Type: bugfix
Affected Mageia releases : 9
Description aegisub crashes when run in a Wayland session. This update fixes the reported issue. References
Type: bugfix
Affected Mageia releases : 9
Description aegisub crashes when run in a Wayland session. This update fixes the reported issue. References
- https://bugs.mageia.org/show_bug.cgi?id=33330
- https://github.com/TypesettingTools/Aegisub/issues/233
- aegisub-3.4.2-1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0164 - Updated glibc packages fix security vulnerability
Publication date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4802 Description An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References
- https://bugs.mageia.org/show_bug.cgi?id=34286
- https://www.openwall.com/lists/oss-security/2025/05/16/7
- https://www.openwall.com/lists/oss-security/2025/05/17/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802
- glibc-2.36-56.mga9
Categorías: Actualizaciones de Seguridad
