Lector de Feeds

‎Without removal on upgrade

← Older revision Revision as of 11:19, 1 June 2026 (3 intermediate revisions by the same user not shown)Line 1: Line 1:  [[Category:Mageia 10]] [[Category:Mageia 10]]  [[Category:Release Notes]] [[Category:Release Notes]] −  −<!-- disable this so it's not in release note of isos medias-->      {{multi language banner|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ; [[Notas sobre Mageia 10-es|Español]]}} {{multi language banner|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ; [[Notas sobre Mageia 10-es|Español]]}}     +<!-- disable this so it's not in release note of isos medias  {{draft}} {{draft}}  {{warning|This page is a draft for the upcoming release Mageia 10. '''For pre-release testing see [[Official_pre-release_testing|Official pre-release testing]].'''}} {{warning|This page is a draft for the upcoming release Mageia 10. '''For pre-release testing see [[Official_pre-release_testing|Official pre-release testing]].'''}}  +-->     {{introduction|Presentation of the evolution, new features, known issues, and the recent changes of the Mageia distribution.}} {{introduction|Presentation of the evolution, new features, known issues, and the recent changes of the Mageia distribution.}} Line 525: Line 525:  * Perform a normal full '''system update''' ''(most importantly rpm and urpmi)''. * Perform a normal full '''system update''' ''(most importantly rpm and urpmi)''.  * Is very important to reboot your system after installation of the updates from {{bug|34918}} & {{bug|34920}}. The updated gpg key is needed for the migration to Mageia 10.   * Is very important to reboot your system after installation of the updates from {{bug|34918}} & {{bug|34920}}. The updated gpg key is needed for the migration to Mageia 10.   −* Some software may need special care, such as maybe not update Docker during system upgrade, see [[#Docker|Docker]] above.   * It is good to '''free some space''', particularly uninstall old kernels, fat games... * It is good to '''free some space''', particularly uninstall old kernels, fat games...  * Make sure you have a '''task-* package for your favourite desktop''' installed. This ensures no needed packages for the desktop will be missing after the upgrade. Example: {{prog|task-plasma}}. If you don't need full Plasma set it is {{prog|task-plasma-minimal}}. Other desktops follow the same scheme, like {{prog|task-gnome, task-xfce}}, etc, some have the "-minimal" variant too. * Make sure you have a '''task-* package for your favourite desktop''' installed. This ensures no needed packages for the desktop will be missing after the upgrade. Example: {{prog|task-plasma}}. If you don't need full Plasma set it is {{prog|task-plasma-minimal}}. Other desktops follow the same scheme, like {{prog|task-gnome, task-xfce}}, etc, some have the "-minimal" variant too. Line 586: Line 585:  ** Using the MIRRORLIST method (which will select a mirror automatically based on your geographical location). {{prog|urpmi}} knows what to substitute for $ARCH. ** Using the MIRRORLIST method (which will select a mirror automatically based on your geographical location). {{prog|urpmi}} knows what to substitute for $ARCH.  *:{{cmd|urpmi.addmedia --distrib --mirrorlist <nowiki>'http://mirrors.mageia.org/api/mageia.10.$ARCH.list'</nowiki>}} *:{{cmd|urpmi.addmedia --distrib --mirrorlist <nowiki>'http://mirrors.mageia.org/api/mageia.10.$ARCH.list'</nowiki>}} −{{warning|For 32bit systems,use i686 instead $ARCH}}+{{warning|For 32bit systems, use i686 instead of $ARCH}}     ** Or using a specific media mirror. You can get the mirror_url using the [https://mirrors.mageia.org/distrib Mageia mirrors web application]: ** Or using a specific media mirror. You can get the mirror_url using the [https://mirrors.mageia.org/distrib Mageia mirrors web application]: Line 692: Line 691:     The category contains the following packages, alphabetically: The category contains the following packages, alphabetically:  +* chromium-browser  * sparkleshare * sparkleshare    Bcornec

‎Fork the distribution on mirrors

← Older revision Revision as of 10:34, 1 June 2026 Line 49: Line 49:     = Fork the distribution on mirrors = = Fork the distribution on mirrors = −Before forking, check that the repository is clean, using [http://check.mageia.org/cauldron/missing.html youri-check]. Some cleaning may be needed.+Before forking, check that the repository is clean, using [http://check.mageia.org/cauldron/missing.html youri-check]. Some cleaning may be needed. In particular, move the previous-previous distribution to archive mirror in distrib-coffee (and ask more mirrors to host mageia-archive) plus drop previous-previous from duvel or otherwise you don't have enough disk space when cauldron reopens.     Forking the distributions on mirrors is done using the script ''fork-distribution'' from ''soft/release/trunk''. It's taking as argument the source path, and destination path. Forking the distributions on mirrors is done using the script ''fork-distribution'' from ''soft/release/trunk''. It's taking as argument the source path, and destination path. Bcornec

Release notes are in the mageia-release package, not the meta-task package

← Older revision Revision as of 07:55, 1 June 2026 Line 2: Line 2:     == Technical countdown == == Technical countdown == −* update Release-notes in meta-task (used in installer)+* update release-notes in mageia-release (used in installer)  * update mageia-release: product.id, mageia-release * update mageia-release: product.id, mageia-release  * rebuild drakx-installer-binaries, drakx-installer-images, drakx-installer-rescue, drakx-installer-stage2 and lsb-release with new mageia-release * rebuild drakx-installer-binaries, drakx-installer-images, drakx-installer-rescue, drakx-installer-stage2 and lsb-release with new mageia-release Martinw

‎Introduction: update because mga-advisor is packaged for Mageia 10/cauldron

← Older revision Revision as of 06:40, 1 June 2026 Line 4: Line 4:  This page is intended for instructions on how to get and use mga-advisor. This page is intended for instructions on how to get and use mga-advisor.    −It still needs to be packaged, but the source can be found here [https://gitweb.mageia.org/software/infrastructure/mga-advisor/ https://gitweb.mageia.org/software/infrastructure/mga-advisor/]+It hasn't been packaged for Mageia 9, but the source can be found here [https://gitweb.mageia.org/software/infrastructure/mga-advisor/ https://gitweb.mageia.org/software/infrastructure/mga-advisor/]    −You need form.ui and mga-advisor.py from the [https://gitweb.mageia.org/software/infrastructure/mga-advisor/tree/ tree]+You need form.ui and mga-advisor.py from the [https://gitweb.mageia.org/software/infrastructure/mga-advisor/tree/ tree] or, if you installed mga-advisor in Mageia 10 or cauldron, you need to create links to the files on you computer.    −If ~/mageia-advisories/advisories/ is where you store the advisories, then it is best to put these files there, too (without svn-adding them), but even if you put them somewhere else, mga-advisor will write its output to the ~/mageia-advisories/advisories/ directory.+If ~/mageia-advisories/advisories/ is where you store the advisories, then it is best to put these files or links there, too (without svn-adding them), but even if you put them somewhere else, mga-advisor will write its output to the ~/mageia-advisories/advisories/ directory.  +   +The links can be created by running, in the directory where you want them:<br>  +{{cmd|ln -s /usr/lib/python3.13/site-packages/mga-advisor/form.ui form.ui}} and <br>  +{{cmd|ln -s /usr/lib/python3.13/site-packages/mga-advisor/mga-advisor.py mga-advisor.py}}     To work, it needs:<br> To work, it needs:<br> Marja

‎I want to submit a package in updates testing for a stable release: add how to copy a package from cauldron

← Older revision Revision as of 22:21, 31 May 2026 Line 36: Line 36:  # commit your changes : <tt>mgarepo ci -m 'my changes explained'</tt> # commit your changes : <tt>mgarepo ci -m 'my changes explained'</tt>  # ask for a build : <tt>mgarepo submit 5/foo --define section=core/updates_testing -t 5</tt> # ask for a build : <tt>mgarepo submit 5/foo --define section=core/updates_testing -t 5</tt>  +  +== The package does not yet exist in stable, but is needed for e.g. a security update ==  +  +First copy the cauldron package to stable:  +  +{{Pre|svn cp svn+ssh://svn.mageia.org/svn/packages/cauldron/perl-Crypt-URandom-Token svn+ssh://svn.mageia.org/svn/packages/updates/9/ -m "SILENT: copy for update"}}  +  +then take the same steps as above.     = I want to backport a package  = = I want to backport a package  = Marja

← Older revision Revision as of 08:31, 30 May 2026 Line 100: Line 100:  === Verschiedene === === Verschiedene ===  {{bug|34925}} - {{prog|picom}} stürzt ab, wenn es ohne eine vorhandene Konfigurationsdatei gestartet wird. '''WORKAROUND''': Falls es noch nicht auf Ihrem System vorhanden ist, installieren Sie {{prog|picom-conf}} und führen Sie es mit Benutzerrechte aus. Sie können Änderungen an den voreingestellten Werte durchführen, falls Sie möchten, die Konfiguration speichern und anschließend picom ausführen. {{bug|34925}} - {{prog|picom}} stürzt ab, wenn es ohne eine vorhandene Konfigurationsdatei gestartet wird. '''WORKAROUND''': Falls es noch nicht auf Ihrem System vorhanden ist, installieren Sie {{prog|picom-conf}} und führen Sie es mit Benutzerrechte aus. Sie können Änderungen an den voreingestellten Werte durchführen, falls Sie möchten, die Konfiguration speichern und anschließend picom ausführen.  +  +{{bug|35571}} - Beim Start einer Sitzung mit dem Compositor Kwin Wayland und installiertem  {{pkg|numlock}} Paket ist das Licht für die Numlock Tasten an, allerdings sind die Zahlentasten nicht aktiv. Deinstallieren Sie, zum Beheben, das {{pkg|numlock}} Paket.     === GNOME === === GNOME === Psyca

numlock on but inactive

← Older revision Revision as of 05:08, 30 May 2026 Line 151: Line 151:  === Various === === Various ===  {{bug|34925}} - {{prog|picom}} crash if is started without configuration file. '''WORKAROUND''': if not is already in your system, install {{prog|picom-conf}} and run as user, you can make changes to default values if you want, save the configuration and close, then you can run picom. {{bug|34925}} - {{prog|picom}} crash if is started without configuration file. '''WORKAROUND''': if not is already in your system, install {{prog|picom-conf}} and run as user, you can make changes to default values if you want, save the configuration and close, then you can run picom.  +  +{{bug|35571}} - At start of the session, Numlock light is on but digits are not active when {{pkg|numlock}} package is installed and compositor is Kwin Wayland. Uninstall {{pkg|numlock}}.     === GNOME === === GNOME === Papoteur

Publication date: 30 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-45130 , CVE-2026-43961 , CVE-2026-46483 Description Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450. (CVE-2026-45130) Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename affects Vim < 9.2.0480. (CVE-2026-43961) Command Injection in tar.vim affects Vim < 9.2.0479. (CVE-2026-46483) Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name affects Vim < 9.2.0495. Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex affects Vim < 9.2.0496. References

• https://bugs.mageia.org/show_bug.cgi?id=35490
• https://www.openwall.com/lists/oss-security/2026/05/07/9
• https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
• https://www.openwall.com/lists/oss-security/2026/05/14/6
• https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
• https://www.openwall.com/lists/oss-security/2026/05/14/7
• https://github.com/vim/vim/security/advisories/GHSA-66hr-7p6x-x5j3
• https://www.openwall.com/lists/oss-security/2026/05/17/3
• https://github.com/vim/vim/security/advisories/GHSA-crm5-rh6j-2c7c
• https://www.openwall.com/lists/oss-security/2026/05/17/4
• https://github.com/vim/vim/security/advisories/GHSA-4473-94jm-w5x9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45130
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46483

SRPMS 9/core

• vim-9.2.498-1.mga9

Publication date: 30 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5090 Description Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. (CVE-2026-5090) References

• https://bugs.mageia.org/show_bug.cgi?id=35554
• https://www.openwall.com/lists/oss-security/2026/05/19/40
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5090

SRPMS 9/core

• perl-Template-Toolkit-3.101.0-1.1.mga9

← Older revision Revision as of 22:10, 29 May 2026 Line 53: Line 53:  Sie werden feststellen, dass sich die Erweiterung der Pakete von i586 auf i686 geändert hat. Sie werden feststellen, dass sich die Erweiterung der Pakete von i586 auf i686 geändert hat.  Da auch die meisten Softwareprojekte die Unterstützung für 32-Bit verworfen haben, werden Sie feststellen, dass die angebotenen Anwendungen, anders als beim x86_64 System, nicht vollständig sind. Da auch die meisten Softwareprojekte die Unterstützung für 32-Bit verworfen haben, werden Sie feststellen, dass die angebotenen Anwendungen, anders als beim x86_64 System, nicht vollständig sind.  +  +=== Grafikdesign ===  +Unsere Atelier und Dev Teams haben hart gearbeitet um die beste Balance zwischen visueller Attraktivität und Speichernutzung zu finden.  +Wie üblich wählten wir einen großen Bereich an Auflösungen für den Haupthintergrund um eine breite Anzahl an verschiedenen Monitoren abzudecken und wir haben auch die Größe, mit Werkzeugen, welche in unseren Repositorien verfügbar sind, abzudecken.  +  +Für den Hauptbildschirmschoner haben wir eine Bildgröße von 3840x2160 im JXL Format ausgewählt, damit diese auf modernen 2k Monitoren und selbst auf 4k Monitoren, gut aussehen, während diese eine ähnliche Speichergröße aufweisen, wie die Bilder in Mageia 9, welche eine niedrigere Auflösung besaßen und das JPG Format nutzten.     == Große Entwicklungen == == Große Entwicklungen == Line 460: Line 466:  * Upgraden einer Mageia Installation welche zuvor '''KEINE''' UEFI Installation war, auf ein Mageia 9 im UEFI-Modus. * Upgraden einer Mageia Installation welche zuvor '''KEINE''' UEFI Installation war, auf ein Mageia 9 im UEFI-Modus.  - In diesen Fällen müssen Sie eine frische Installation durchführen (möglicherweise mit Beibehaltung des {{folder-de|/home}} Verzeichnisses). - In diesen Fällen müssen Sie eine frische Installation durchführen (möglicherweise mit Beibehaltung des {{folder-de|/home}} Verzeichnisses). −- Beachten Sie, dass weiterhin das Update auf Mageia 10 im Legacy-Modus funktioniert. Sie sollten jedoch beachten, dass die Live Abbilder im Legacy-Modus (und nicht im UEFI-Modus) gestartet werden, welches Sie in den BIOS Einstellungen überprüfen können.+- Beachten Sie, dass weiterhin das Update auf Mageia 10 im Legacy-Modus funktioniert. Sie sollten jedoch beachten, dass die Abbilder der klassischen Installation im Legacy-Modus (und nicht im UEFI-Modus) gestartet werden, welches Sie in den BIOS Einstellungen überprüfen können.     ==== Upgraden über das Internet ==== ==== Upgraden über das Internet ==== Line 590: Line 596:  ''Benötigte Aktionen durch den/die Anwender/in, welche nicht hier, noch auf der Errata Seite beschrieben sind.'' ''Benötigte Aktionen durch den/die Anwender/in, welche nicht hier, noch auf der Errata Seite beschrieben sind.''    −Dovecot, der IMAP Server, wurde auf 2.4.3 aktualisiert, welche eine Konfigurationsdatei verwendet, die nicht mit der alten 2.3 Konfiguration kompatibel ist. Bitte lesen Sie aufmerksam die [https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html Dokumentation für das Upgrade von dovecot.org] durch.+Dovecot, der IMAP Server, wurde auf 2.4.4 aktualisiert, welche eine Konfigurationsdatei verwendet, die nicht mit der alten 2.3 Konfiguration kompatibel ist. Bitte lesen Sie aufmerksam die [https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html Dokumentation für das Upgrade von dovecot.org] durch.     === Bugs === === Bugs === Psyca

‎Einführung

← Older revision Revision as of 21:48, 29 May 2026 Line 22: Line 22:  Verwenden eines IRC Clienten, wie zum Beispiel {{prog|hexchat}} : wählen Sie das Netwerk Libera.Chat aus und unter Menü Server > Einem Kanal beitreten > #mageia-irgendwas, aus der unten angezeigten Liste. Verwenden eines IRC Clienten, wie zum Beispiel {{prog|hexchat}} : wählen Sie das Netwerk Libera.Chat aus und unter Menü Server > Einem Kanal beitreten > #mageia-irgendwas, aus der unten angezeigten Liste.    −{{note-de|Die Desktop-Links funktionieren in Firefox nicht. Verwende stattdessen die Webclient-Links oder verbinde dich einfach über deinen IRC-Client mit einem Kanal.}}+{{note-de|Die Desktop-Links funktionieren in Firefox nicht. Verwenden Sie stattdessen die Webclient-Links oder verbinden Sie sich einfach über Ihren IRC-Client mit einem Kanal.}}     == Projektweite Kanäle == == Projektweite Kanäle == Psyca

‎User action needed: dovecot version

← Older revision Revision as of 09:35, 29 May 2026 Line 673: Line 673:  ''User actions needed that are not described elsewhere on this page nor in Errata.'' ''User actions needed that are not described elsewhere on this page nor in Errata.''    −Dovecot, the IMAP server, has been upgraded to 2.4.3, which has a configuration file that is not compatible with the old 2.3 configuration. Please carefully review [https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html upgrade documentation on dovecot.org] .+Dovecot, the IMAP server, has been upgraded to 2.4.4, which has a configuration file that is not compatible with the old 2.3 configuration. Please carefully review [https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html upgrade documentation on dovecot.org] .     === Bugs === === Bugs === Mpol

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8388 , CVE-2026-8391 , CVE-2026-8401 , CVE-2026-8946 , CVE-2026-8947 , CVE-2026-8950 , CVE-2026-8953 , CVE-2026-8954 , CVE-2026-8955 , CVE-2026-8956 , CVE-2026-8957 , CVE-2026-8958 , CVE-2026-8961 , CVE-2026-8962 , CVE-2026-8968 , CVE-2026-8970 , CVE-2026-8974 , CVE-2026-8975 Description The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-8946) Incorrect boundary conditions in the JavaScript Engine: JIT component. (CVE-2026-8388) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-8947) Other issue in the JavaScript Engine component. (CVE-2026-8391) Sandbox escape in the Profile Backup component. (CVE-2026-8401) Same-origin policy bypass in the Networking: HTTP component. (CVE-2026-8950) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-8953) Incorrect boundary conditions, integer overflow in the Audio/Video component. (CVE-2026-8954) Privilege escalation in the DOM: Workers component. (CVE-2026-8955) Integer overflow in the Networking: JAR component. (CVE-2026-8956) Privilege escalation in the Enterprise Policies component. (CVE-2026-8957) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-8958) Spoofing issue in the Form Autofill component. (CVE-2026-8961) Mitigation bypass in the DOM: Security component. (CVE-2026-8962) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. (CVE-2026-8968) Privilege escalation in the Security component. (CVE-2026-8970) Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151. (CVE-2026-8974) Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151. (CVE-2026-8975) References

• https://bugs.mageia.org/show_bug.cgi?id=35555
• https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/S3z0rOO1xpg
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_124.html
• https://www.firefox.com/en-US/firefox/140.11.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975

SRPMS 9/core

• nspr-4.39.0-1.mga9
• nss-3.124.0-1.mga9
• firefox-140.11.0-1.mga9
• firefox-l10n-140.11.0-1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8388 , CVE-2026-8391 , CVE-2026-8401 , CVE-2026-8946 , CVE-2026-8947 , CVE-2026-8950 , CVE-2026-8953 , CVE-2026-8954 , CVE-2026-8955 , CVE-2026-8956 , CVE-2026-8957 , CVE-2026-8958 , CVE-2026-8961 , CVE-2026-8962 , CVE-2026-8968 , CVE-2026-8970 , CVE-2026-8974 , CVE-2026-8975 Description The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. (CVE-2026-8946) Incorrect boundary conditions in the JavaScript Engine: JIT component. (CVE-2026-8388) Use-after-free in the DOM: Bindings (WebIDL) component. (CVE-2026-8947) Other issue in the JavaScript Engine component. (CVE-2026-8391) Sandbox escape in the Profile Backup component. (CVE-2026-8401) Same-origin policy bypass in the Networking: HTTP component. (CVE-2026-8950) Sandbox escape due to use-after-free in the Disability Access APIs component. (CVE-2026-8953) Incorrect boundary conditions, integer overflow in the Audio/Video component. (CVE-2026-8954) Privilege escalation in the DOM: Workers component. (CVE-2026-8955) Integer overflow in the Networking: JAR component. (CVE-2026-8956) Privilege escalation in the Enterprise Policies component. (CVE-2026-8957) Information disclosure, sandbox escape in the Security: Process Sandboxing component. (CVE-2026-8958) Spoofing issue in the Form Autofill component. (CVE-2026-8961) Mitigation bypass in the DOM: Security component. (CVE-2026-8962) Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. (CVE-2026-8968) Privilege escalation in the Security component. (CVE-2026-8970) Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. (CVE-2026-8974) Memory safety bugs fixed in Thunderbird 140.11 and Thunderbird 151. (CVE-2026-8975) References

• https://bugs.mageia.org/show_bug.cgi?id=35560
• https://www.thunderbird.net/en-US/thunderbird/140.11.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8388
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8391
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8401
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8946
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8950
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8953
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8954
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8955
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8956
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8957
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8958
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8968
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8970
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8974
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8975

SRPMS 9/core

• thunderbird-140.11.0-1.mga9
• thunderbird-l10n-140.11.0-1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-3039 , CVE-2026-3592 , CVE-2026-3593 , CVE-2026-5946 , CVE-2026-5947 , CVE-2026-5950 Description Updated bind package fixes security vulnerabilities: bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb BIND 9 server memory exhaustion during GSS-API TKEY negotiation (CVE-2026-3039) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Amplification vulnerabilities via self-pointed glue records (CVE-2026-3592) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation (CVE-2026-3593) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb Invalid handling of CLASS != IN (CVE-2026-5946) bashrc.bak bin certbot-auto.bak certchecker certis.vfmbofh check-mk-agent_1.6.0p17-1_all.deb config.txt Riferimenti KB Cloud Aruba.txt rss tailer.sh test-acme zabbix-release_4.0-2+jessie_all.deb SIG(0) validation during query flood may lead to undefined behavior (CVE-2026-5947) *Unbounded resend loop in BIND 9 resolver (CVE-2026-5950) References

• https://bugs.mageia.org/show_bug.cgi?id=35557
• https://www.openwall.com/lists/oss-security/2026/05/20/11
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3039
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3592
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3593
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5946
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5950

SRPMS 9/core

• bind-9.18.49-1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-42050 Description The updated packages fix a security vulnerability: Stack buffer overflow in XTileImage. (CVE-2026-42050) References

• https://bugs.mageia.org/show_bug.cgi?id=35556
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O6OYKKQT2LLKS52FQTHRZ7GJJSUXW3YH/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42050

SRPMS 9/core

• graphicsmagick-1.3.40-1.6.mga9

9/tainted

• graphicsmagick-1.3.40-1.6.mga9.tainted

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-35979 Description The updated package fixes a security vulnerability: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. (CVE-2025-35979) References

• https://bugs.mageia.org/show_bug.cgi?id=35558
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260512
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01420.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-35979

SRPMS 9/nonfree

• microcode-0.20260512-1.mga9.nonfree