Feed Reader
MGASA-2025-0131 - Updated xz packages fix security vulnerability
Publication date: 10 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31115
Description: XZ has a heap-use-after-free bug in threaded .xz decoder. (CVE-2025-31115)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34164
- https://www.openwall.com/lists/oss-security/2025/04/03/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115
- xz-5.4.3-1.1.mga9
Categories: Security Updates
MGASA-2025-0130 - Updated docker-containerd packages fix security vulnerability
Publication date: 10 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40635
Description: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.0.4. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
References:
- https://bugs.mageia.org/show_bug.cgi?id=34145
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IAMUEOAZJQQS6MSFKLEO72TDYAONTTXF/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635
- docker-containerd-1.7.27-1.mga9
Categories: Security Updates
MGASA-2025-0129 - Updated atop packages fix security vulnerability
Publication date: 10 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31160
Description: atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. (CVE-2025-31160)
References:
- https://bugs.mageia.org/show_bug.cgi?id=34139
- https://www.openwall.com/lists/oss-security/2025/03/26/2
- https://www.openwall.com/lists/oss-security/2025/03/26/3
- https://rachelbythebay.com/w/2025/03/26/atop/
- https://news.ycombinator.com/item?id=43485980
- https://news.ycombinator.com/item?id=43477057
- https://www.openwall.com/lists/oss-security/2025/03/29/1
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3K7T3QBXEP6TWTVJEMB47AVS2B2R5O5V/
- https://lists.debian.org/debian-security-announce/2025/msg00054.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31160
- atop-2.8.1-1.1.mga9
Categories: Security Updates
MGAA-2025-0036 - Updated qarte packages fix bug
Publication date: 10 Apr 2025
Type: bugfix
Affected Mageia releases : 9
Description: arte.tv has changed the URL of the videos and qarte is unable to retrieve the lists and the videos. Version 5.9.0 fixes the issue.
References:
SRPMS 9/core:
- qarte-5.9.0-1.mga9
Categories: Security Updates
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/x86_64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/aarch64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/armv7hl:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/i586:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/i586:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
ppmtomd-1.6-9.mga10.src.rpm
In Mageia/cauldron/i586:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
Categories: RPMs
ppmtomd-1.6-9.mga10.src.rpm
In Mageia/cauldron/x86_64:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
Categories: RPMs
recoverjpeg-2.6.3-4.mga10.src.rpm
In Mageia/cauldron/x86_64:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
Categories: RPMs
recoverjpeg-2.6.3-4.mga10.src.rpm
In Mageia/cauldron/i586:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
Categories: RPMs
rdfind-1.6.0-1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
Categories: RPMs
rdfind-1.6.0-1.mga10.src.rpm
In Mageia/cauldron/i586:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
Categories: RPMs
unifont-16.0.01-1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
Categories: RPMs
unifont-16.0.01-1.mga10.src.rpm
In Mageia/cauldron/i586:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
Categories: RPMs
