Lector de Feeds

Versions update, do backup

← Older revision Revision as of 08:29, 8 September 2025 Line 80: Line 80:  '''Keep having latest non-backport''' lib64bpf1, cpupower, kernel-userspace-headers installed, and keep them updated.  ''- we do not backport lib64bpf1 and cpupower, to not break compatibility with non-backport kernels.'' '''Keep having latest non-backport''' lib64bpf1, cpupower, kernel-userspace-headers installed, and keep them updated.  ''- we do not backport lib64bpf1 and cpupower, to not break compatibility with non-backport kernels.''    −'''Regarding kernel-stable-userspace-headers''' contra ''kernel-userspace-headers for 6.6 kernels:'' The packages are used for building applications; use the one for the current kernel you build for. They conflict each other and are handled correctly by urpmi & drakrpm - when you have '''updated mageia-repos and meta-task packages''' to 9.4 versions (at time of writing found in updates_testing) - and using kernel versions 6.6.103+ and 6.12.44+.+'''Regarding kernel-stable-userspace-headers''' contra ''kernel-userspace-headers for 6.6 kernels:'' The packages are used for building applications; use the one for the current kernel you build for. They conflict each other and are handled correctly by urpmi & drakrpm - when you have '''updated mageia-repos and meta-task packages''' to 9.4 versions (at time of writing found in updates_testing) - and using kernel versions 6.6.104+ and 6.12.44+.     '''Remove-Old-Kernels''', {{prog|rok}}, do currently not see nor handle 6.12 kernels, so you need to manually uninstall excess kernels when needed to save space - like you did for any kernels before rok was introduced with Mageia 9.  Or, '''make it work''' by adding to {{file|/etc/remove-old-kernels.cfg}}: In the list under the line "LISTK=\", add <br> kernel-stable-desktop <br> kernel-stable-desktop-devel <br> kernel-stable-source '''Remove-Old-Kernels''', {{prog|rok}}, do currently not see nor handle 6.12 kernels, so you need to manually uninstall excess kernels when needed to save space - like you did for any kernels before rok was introduced with Mageia 9.  Or, '''make it work''' by adding to {{file|/etc/remove-old-kernels.cfg}}: In the list under the line "LISTK=\", add <br> kernel-stable-desktop <br> kernel-stable-desktop-devel <br> kernel-stable-source Line 99: Line 99:  Note that it is not guaranteed that all series cover all architectures and flavours. For some series, the build may be limited to a single architecture (e.g., x86_64) and single flavour (e.g., desktop), or new flavours may emerge (e.g., desktop-tunedv3 for x86_64-v3). Note that it is not guaranteed that all series cover all architectures and flavours. For some series, the build may be limited to a single architecture (e.g., x86_64) and single flavour (e.g., desktop), or new flavours may emerge (e.g., desktop-tunedv3 for x86_64-v3).    −'''WARNING:''' Avoid running too fresh kernels on any kind of production system, especially kernels that are still rc versions, release candidates. If you run them to test anyway, please monitor the Linux kernel mailing list and be aware that there is a strong likelihood of bugs that will cause data corruption or other severe issues.+'''WARNING:''' Avoid running too fresh kernels on any kind of production system, especially kernels that are still rc versions, release candidates. If you run them to test anyway, please monitor the Linux kernel mailing list and be aware that there is a strong likelihood of bugs that will cause data corruption or other severe issues. So now even more important that you have backups of your data.     '''TIP:''' Have more than one series installed, to have something to fall back to. '''TIP:''' Have more than one series installed, to have something to fall back to.    −As an example, on August 28 2025 we had the following kernels in Cauldron:+As an example, on September 8, 2025 we had the following kernels in Cauldron: −* kernel-mainline -> 6.17.0-rc3 (x86_64, desktop only)+* kernel-mainline -> 6.17.0-rc4 (x86_64, desktop only)  * kernel-stable-testing -> 6.16.2 (x86_64, desktop only) * kernel-stable-testing -> 6.16.2 (x86_64, desktop only)  ** ''(kernel-stablenew -> 6.15.7 (x86_64, desktop only) - this series gets obsoleted in favour of kernel-stable-testing.)'' ** ''(kernel-stablenew -> 6.15.7 (x86_64, desktop only) - this series gets obsoleted in favour of kernel-stable-testing.)''  * kernel-stable -> 6.15.11 (x86_64, desktop only) * kernel-stable -> 6.15.11 (x86_64, desktop only) −* kernel -> 6.12.43 (all arches, all flavours)+* kernel -> 6.12.45 (all arches, all flavours)  * kernel-lts -> 6.6.100 (all arches, all flavours) * kernel-lts -> 6.6.100 (all arches, all flavours) Morgano

Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6424 , CVE-2025-6425 , CVE-2025-6429 , CVE-2025-6430 , CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025--9185 Description Use-after-free in FontFaceSet. (CVE-2025-6424) The WebCompat WebExtension shipped exposed a persistent UUID. (CVE-2025-6425) Incorrect parsing of URLs could have allowed embedding of youtube.com. (CVE-2025-6429) Content-Disposition header ignored when a file is included in an embed or object tag. (CVE-2025-6430) JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185). For the armv7hl architecture this package fixes additional vulnerabilities; see the links below: https://advisories.mageia.org/MGASA-2025-0197.html https://advisories.mageia.org/MGASA-2025-0168.html https://advisories.mageia.org/MGASA-2025-0151.html https://advisories.mageia.org/MGASA-2025-0126.html https://advisories.mageia.org/MGASA-2025-0093.html https://advisories.mageia.org/MGASA-2025-0048.html https://advisories.mageia.org/MGASA-2025-0010.html https://advisories.mageia.org/MGASA-2024-0395.html https://advisories.mageia.org/MGASA-2024-0384.html https://advisories.mageia.org/MGASA-2024-0365.html https://advisories.mageia.org/MGASA-2024-0350.html https://advisories.mageia.org/MGASA-2024-0336.html https://advisories.mageia.org/MGASA-2024-0332.html References

• https://bugs.mageia.org/show_bug.cgi?id=34415
• https://www.thunderbird.net/en-US/thunderbird/128.12.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/
• https://www.thunderbird.net/en-US/thunderbird/128.13.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
• https://www.thunderbird.net/en-US/thunderbird/128.14.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6424
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6425
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6429
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6430
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025--9185

SRPMS 9/core

• thunderbird-128.14.0-1.mga9
• thunderbird-l10n-128.14.0-1.mga9

Publication date: 05 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8027 , CVE-2025-8028 , CVE-2025-8029 , CVE-2025-8030 , CVE-2025-8031 , CVE-2025-8032 , CVE-2025-8033 , CVE-2025-8034 , CVE-2025-8035 , CVE-2025-9179 , CVE-2025-9180 , CVE-2025-9181 , CVE-2025-9185 Description JavaScript engine only wrote partial return value to stack. (CVE-2025-8027) Large branch table could lead to truncated instruction. (CVE-2025-8028) Javascript: URLs executed on object and embed tags. (CVE-2025-8029) Potential user-assisted code execution in “Copy as cURL” command. (CVE-2025-8030) Incorrect URL stripping in CSP reports. (CVE-2025-8031) XSLT documents could bypass CSP. (CVE-2025-8032) Incorrect JavaScript state machine for generators. (CVE-2025-8033) Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8034) Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. (CVE-2025-8035) Sandbox escape due to invalid pointer in the Audio/Video: GMP component. (CVE-2025-9179) Same-origin policy bypass in the Graphics: Canvas2D component. (CVE-2025-9180) Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181) Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. (CVE-2025-9185) References

• https://bugs.mageia.org/show_bug.cgi?id=34552
• https://www.firefox.com/en-US/firefox/128.13.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
• https://www.firefox.com/en-US/firefox/128.14.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_114.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8027
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8028
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8029
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8030
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8031
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8032
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8033
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8034
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8035
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9179
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9180
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9181
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9185

SRPMS 9/core

• firefox-128.14.0-1.4.mga9
• firefox-l10n-128.14.0-1.mga9
• nss-3.115.1-1.mga9
• nspr-4.37-1.mga9
• rootcerts-20250808.00-1.mga9