Lector de Feeds

Publication date: 09 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed a bugregression introduced in 580.65.06 that could cause Vulkan applications to hang on Wayland. Added support for NVIDIA Smooth Motion on GeForce RTX 40 Series GPUs. Fixed a bug that caused /sys/class/drm/.../enabled to always report "disabled" for NVIDIA GPU connectors. References

• https://bugs.mageia.org/show_bug.cgi?id=34610
• https://www.nvidia.com/en-us/drivers/details/253003/

SRPMS 9/nonfree

• nvidia-current-580.82.07-1.mga9.nonfree

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8067 Description Out-of-bounds read in udisks daemon. (CVE-2025-8067) References

• https://bugs.mageia.org/show_bug.cgi?id=34602
• https://www.openwall.com/lists/oss-security/2025/08/28/1
• https://www.openwall.com/lists/oss-security/2025/08/28/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8067

SRPMS 9/core

• udisks2-2.10.1-1.2.mga9

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8713 , CVE-2025-8714 , CVE-2025-8715 Description PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713) PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714) PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715) References

• https://bugs.mageia.org/show_bug.cgi?id=34608
• https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715

SRPMS 9/core

• postgresql15-15.14-1.mga9
• postgresql13-13.22-1.mga9

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57833 Description Potential SQL injection in FilteredRelation column aliases. (CVE-2025-57833) References

• https://bugs.mageia.org/show_bug.cgi?id=34612
• https://www.openwall.com/lists/oss-security/2025/09/03/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

SRPMS 9/core

• python-django-4.1.13-1.6.mga9

Publication date: 08 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description Haproxy has a few medium and a few minor bugs fixed in the last upstream version 2.8.15 of branch 2.8. Fixed medium bug list: - backend: do not overwrite srv dst address on reuse (2) - backend: fix reuse with set-dst/set-dst-port - clock: make sure now_ms cannot be TICK_ETERNITY - debug: close a possible race between thread dump and panic() - fd: mark FD transferred to another process as FD_CLONED - filters: Handle filters registered on data with no payload callback - h3: trim whitespaces in header value prior to QPACK encoding - h3: trim whitespaces when parsing headers value - hlua/cli: fix cli applet UAF in hlua_applet_wakeup() - hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data) - http-ana: Report 502 from req analyzer only during rsp forwarding - htx: wrong count computation in htx_xfer_blks() - mux-quic: do not attach on already closed stream - mux-quic: fix crash on RS/SS emission if already close local - peers: prevent learning expiration too far in futur from unsync node - sample: fix risk of overflow when replacing multiple regex back-refs - spoe: Don't wakeup idle applets in loop during stopping - ssl: chosing correct certificate using RSA-PSS with TLSv1.3 - startup: return to initial cwd only after check_config_validity() - thread: use pthread_self() not ha_pthread[tid] in set_affinity References

• https://bugs.mageia.org/show_bug.cgi?id=34599
• https://www.haproxy.org/download/2.8/src/CHANGELOG

SRPMS 9/core

• haproxy-2.8.15-1.mga9