Lector de Feeds

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1153 , CVE-2025-1176 , CVE-2025-1178 , CVE-2025-1181 , CVE-2025-1182 Description GNU Binutils format.c bfd_set_format memory corruption. (CVE-2025-1153) GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow. (CVE-2025-1176) GNU Binutils ld libbfd.c bfd_putl64 memory corruption. (CVE-2025-1178) GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption. (CVE-2025-1181) GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption. (CVE-2025-1182) References

• https://bugs.mageia.org/show_bug.cgi?id=34180
• https://ubuntu.com/security/notices/USN-7423-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1153
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1176
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1178
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1181
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1182

SRPMS 9/core

• binutils-2.40-11.2.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2784 , CVE-2025-32049 , CVE-2025-32050 , CVE-2025-32051 , CVE-2025-32052 , CVE-2025-32053 , CVE-2025-32906 , CVE-2025-32907 , CVE-2025-32908 , CVE-2025-32909 , CVE-2025-32910 , CVE-2025-32911 , CVE-2025-32912 , CVE-2025-32913 , CVE-2025-32914 Description Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content. (CVE-2025-2784) Libsoup: denial of service attack to websocket server. (CVE-2025-32049) Libsoup: integer overflow in append_param_quoted. (CVE-2025-32050) Libsoup: segmentation fault when parsing malformed data uri. (CVE-2025-32051) Libsoup: heap buffer overflow in sniff_unknown(). (CVE-2025-32052) Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space(). (CVE-2025-32053) Libsoup: out of bounds reads in soup_headers_parse_request(). (CVE-2025-32906) Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header. (CVE-2025-32907) Libsoup: denial of service on libsoup through http/2 server. (CVE-2025-32908) Libsoup: null pointer dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c. (CVE-2025-32909) Libsoup: null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an unauthorized response with digest authentication. (CVE-2025-32910) Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value. (CVE-2025-32911) Libsoup: null pointer dereference in client when server omits the "nonce" parameter in an unauthorized response with digest authentication. (CVE-2025-32912) Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header. (CVE-2025-32913) Libsoup: oob read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process. (CVE-2025-32914) Libsoup: memory leak on soup_header_parse_quality_list() via soup-headers.c. (CVE-2025-46420) Libsoup: information disclosure may leads libsoup client sends authorization header to a different host when being redirected by a server. (CVE-2025-46421) Libsoup: null pointer dereference in libsoup may lead to denial of service. (CVE-2025-4476) Libsoup: integer overflow in cookie expiration date handling in libsoup. (CVE-2025-4945) References

• https://bugs.mageia.org/show_bug.cgi?id=34187
• https://ubuntu.com/security/notices/USN-7432-1
• https://openwall.com/lists/oss-security/2025/04/18/4
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/53THXHSDPP4TLMFRSP5DPLY4DK72M7XY/
• https://ubuntu.com/security/notices/USN-7543-1
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NK7USYFSJPRTIVISSEDBLS53JCM5ETOI/
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EPLHUVQI4JICGWTVGG7KI7D4BMHB34YD/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2784
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32049
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32050
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32051
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32052
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32053
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32906
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32907
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32908
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32909
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32910
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32911
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32912
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32913
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32914

SRPMS 9/core

• libsoup3-3.4.2-1.2.mga9
• libsoup-2.74.3-1.2.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-3469 , CVE-2025-32696 , CVE-2025-32697 , CVE-2025-32698 , CVE-2025-32699 , CVE-2025-32700 , CVE-2025-32072 , CVE-2025-11173 , CVE-2025-11261 , CVE-2025-61635 , CVE-2025-61638 , CVE-2025-61639 , CVE-2025-61640 , CVE-2025-61641 , CVE-2025-61643 , CVE-2025-61646 , CVE-2025-61653 Description i18n XSS vulnerability in HTMLMultiSelectField when sections are used. (CVE-2025-3469) "reupload-own" restriction can be bypassed by reverting file. (CVE-2025-32696) Cascading protection is not preventing file reversions. (CVE-2025-32697) LogPager.php: Restriction enforcer functions do not correctly enforce suppression restrictions. (CVE-2025-32698) Potential javascript injection attack enabled by Unicode normalization in Action API. (CVE-2025-32699) AbuseFilter log interfaces expose global private and hidden filters when central DB is not available. (CVE-2025-32700) HTML injection in feed output from i18n message. (CVE-2025-32072) OATHAuth extension: Reauthentication for enabling 2FA can be bypassed by submitting a form in Special:OATHManage. (CVE-2025-11173) Stored i18n Cross-site scripting (XSS) vulnerability in mw.language.listToText. (CVE-2025-11261) ConfirmEdit extension: Missing rate limiting in ApiFancyCaptchaReload. (CVE-2025-61635) Parsoid: Validation bypass for `data-` attributes. (CVE-2025-61638) Log entries which are hidden from the creation of the entry may be disclosed to the public recent change entry. (CVE-2025-61639) Stored i18n Cross-site scripting (XSS) vulnerability in Special:RecentChangesLinked. (CVE-2025-61640) DDoS vulnerability in QueryAllPages API in miser mode. The `maxsize` value is now ignored in that mode. (CVE-2025-61641) Suppressed recent changes may be disclosed to the public RCFeeds. (CVE-2025-61643) Public Watchlist/RecentChanges pages may disclose hidden usernames when an individual editor makes consecutive revisions on a single page, and only some are marked as hidden username. (CVE-2025-61646) TextExtracts extension: Information disclosure vulnerability in the extracts API action endpoint due to missing read permission check. (CVE-2025-61653) VisualEditor extension: Stored i18n Cross-site scripting (XSS) vulnerability in `lastModifiedAt` system messages. (CVE-2025-61655) VisualEditor extension: Missing attribute validation for attributes unwrapped from `data-ve-attributes`. (CVE-2025-61656) References

• https://bugs.mageia.org/show_bug.cgi?id=34211
• https://lists.debian.org/debian-security-announce/2025/msg00063.html
• https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/CIXFJVC57OFRBCCEIDRLZCLFGMYGEYTT/
• https://lists.debian.org/debian-security-announce/2025/msg00121.html
• https://lists.debian.org/debian-lts-announce/2025/10/msg00034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3469
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32696
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32697
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32698
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32699
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32700
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32072
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11173
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11261
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61638
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61639
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61640
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61641
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61643
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61646
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61653

SRPMS 9/core

• mediawiki-1.35.14-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46836 Description net-tools Stack-based Buffer Overflow vulnerability. (CVE-2025-46836) References

• https://bugs.mageia.org/show_bug.cgi?id=34295
• https://lists.debian.org/debian-security-announce/2025/msg00086.html
• https://ubuntu.com/security/notices/USN-7537-1
• https://ubuntu.com/security/notices/USN-7537-2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46836

SRPMS 9/core

• net-tools-2.10-1.1.mga9

Publication date: 05 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36347 Description AMD CPU Microcode Signature Verification Vulnerability. (CVE-2024-36347) References

• https://bugs.mageia.org/show_bug.cgi?id=34706
• https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7033.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36347

SRPMS 9/nonfree

• microcode-0.20250812-3.mga9.nonfree

Remove the temporary copy of the English translation of our constitution, because it has been available on https://www.mageia.org/en/about/constitution/ since long ago

Show changes Marja

‎USA: Update the Remy Services entry

← Older revision Revision as of 15:29, 5 November 2025 (2 intermediate revisions by the same user not shown)Line 1: Line 1:  {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}} {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}}    −{{Draft}}      For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. Line 8: Line 7:     == Consulting, training, development services == == Consulting, training, development services ==  +  +=== France ===  +  +* '''Open Source Software Assurance''' - https://www.linagora.com/ - From Open Source Leader company ! Our mission : bug hunting, support, assistance and Open Source lifecycle management from Open Source experts !  +  +* '''SIVEO''' - http://www.siveo.net/ - SIVEO is an infrastructure automation software company; it is a young company creates innovative in November 2008. First French company labelled in the INTEL CLOUD Builder initiative for its eVA solution, SIVEO works with publishers, SSII, public and private accounts. [https://blog.mageia.org/en/2015/11/17/siveo-joins-mageia/ SIVEO joins Mageia <!--is first official sponsor of the Mageia project (To be discussed, this is ambiguous - Stormi). (Commenting that part out for now, to avoid that companies feel offended who have donated in whichever way to Mageia and were earlier in time to do that marja, 2016-04-21)-->] [https://twitter.com/eVPlanet Follow us on twitter.]  +  +=== USA ===  +  +* '''Remy Services, LLC''' - https://www.remyservices.net/remyservices/about/ - (2025-11-05: currently only for existing customers) We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.     <!--- * '''Name''' - url or contact - City, Country <!--- * '''Name''' - url or contact - City, Country Line 13: Line 22:     == Hosting == == Hosting ==  +*  '''GigaTux''' - http://www.gigatux.com/distro/mageia_vps Gigatux supports the latest Mageia stable version on demand     <!--- * '''Name''' - url, city --> <!--- * '''Name''' - url, city -->     == Hardware vendors == == Hardware vendors ==  +=== United Kingdom ===  +* '''Ministry of Freedom''' - https://minifree.org/ (website in English) - Essex - Selling laptop, desktop and server computers with Mageia preinstalled, along with a free/opensource BIOS called [https://libreboot.org/ Libreboot]  +  +=== Belgium ===  +* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled     === Germany === === Germany === Marja

Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-48174 , CVE-2025-48175 Description In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. (CVE-2025-48174) In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (CVE-2025-48175) References

• https://bugs.mageia.org/show_bug.cgi?id=34336
• https://lists.debian.org/debian-security-announce/2025/msg00094.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48174
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48175

SRPMS 9/core

• libavif-0.11.1-1.1.mga9

Publication date: 04 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-47912 , CVE-2025-58183 , CVE-2025-58185 , CVE-2025-58186 , CVE-2025-58187 , CVE-2025-58188 , CVE-2025-58189 , CVE-2025-61723 , CVE-2025-61724 , CVE-2025-61725 Description Insufficient validation of bracketed IPv6 hostnames in net/url. (CVE-2025-47912) Unbounded allocation when parsing GNU sparse map in archive/tar. (CVE-2025-58183) Parsing DER payload can cause memory exhaustion in encoding/asn1. (CVE-2025-58185) Lack of limit when parsing cookies can cause memory exhaustion in net/http. (CVE-2025-58186) Quadratic complexity when checking name constraints in crypto/x509. (CVE-2025-58187) Panic when validating certificates with DSA public keys in crypto/x509. (CVE-2025-58188) ALPN negotiation error contains attacker controlled information in crypto/tls. (CVE-2025-58189) Quadratic complexity when parsing some invalid inputs in encoding/pem. (CVE-2025-61723) Excessive CPU consumption in Reader.ReadResponse in net/textproto. (CVE-2025-61724) Excessive CPU consumption in ParseAddress in net/mail. (CVE-2025-61725) These packages fix the issues for the compiler only; applications using the functions still need to be rebuilt. References

• https://bugs.mageia.org/show_bug.cgi?id=34651
• https://www.openwall.com/lists/oss-security/2025/10/08/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47912
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58185
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58186
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58187
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58188
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58189
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61723
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61724
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61725

SRPMS 9/core

• golang-1.24.9-1.mga9

‎France: Removing Hupstream because it no longer exists since 2023-12-31 https://www.pappers.fr/entreprise/hupstream-532262268

← Older revision Revision as of 12:44, 4 November 2025 (One intermediate revision by the same user not shown)Line 1: Line 1:  {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}} {{multi language banner|[[Commercial_vendors|English]] ; [[Commercial_vendors_pl|Polski]] ; [[Área_Comercial_pt-PT|Português (Portugal)]] ; [[Fornecedores comerciais - pt-BR|português brasileiro]] ;}}    −{{Draft}}      For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. For-profit organizations are part of the Mageia ecosystem. The following companies provide commercial services with or around Mageia software, tools or project. Line 8: Line 7:     == Consulting, training, development services == == Consulting, training, development services ==  +  +=== France ===  +  +* '''Open Source Software Assurance''' - https://www.linagora.com/ - From Open Source Leader company ! Our mission : bug hunting, support, assistance and Open Source lifecycle management from Open Source experts !  +  +* '''SIVEO''' - http://www.siveo.net/ - SIVEO is an infrastructure automation software company; it is a young company creates innovative in November 2008. First French company labelled in the INTEL CLOUD Builder initiative for its eVA solution, SIVEO works with publishers, SSII, public and private accounts. [https://blog.mageia.org/en/2015/11/17/siveo-joins-mageia/ SIVEO joins Mageia <!--is first official sponsor of the Mageia project (To be discussed, this is ambiguous - Stormi). (Commenting that part out for now, to avoid that companies feel offended who have donated in whichever way to Mageia and were earlier in time to do that marja, 2016-04-21)-->] [https://twitter.com/eVPlanet Follow us on twitter.]  +  +=== USA ===  +  +* '''Remy Services, LLC''' - https://community.spiceworks.com/service-providers/975-remy-services-llc - We offer remote and onsite computer maintenance and repair to help you with all your computer needs. Everything from virus or malware removal, data recovery, network installations, hardware installation, laptop repairs and general cleanup. Our recent work: Mageia Package QA Testing.     <!--- * '''Name''' - url or contact - City, Country <!--- * '''Name''' - url or contact - City, Country Line 13: Line 22:     == Hosting == == Hosting ==  +*  '''GigaTux''' - http://www.gigatux.com/distro/mageia_vps Gigatux supports the latest Mageia stable version on demand     <!--- * '''Name''' - url, city --> <!--- * '''Name''' - url, city -->     == Hardware vendors == == Hardware vendors ==  +=== United Kingdom ===  +* '''Ministry of Freedom''' - https://minifree.org/ (website in English) - Essex - Selling laptop, desktop and server computers with Mageia preinstalled, along with a free/opensource BIOS called [https://libreboot.org/ Libreboot]  +  +=== Belgium ===  +* '''PC-Fixer.be''' - http://www.pc-fixer.be/ (website in French) - Brussels - Selling laptop and desktop computers with Mageia preinstalled     === Germany === === Germany === Marja

‎Reply to Marja: Reply to Yuusha

← Older revision Revision as of 10:48, 4 November 2025 Line 64: Line 64:  --[[User:Yuusha|yuusha]] ([[User talk:Yuusha|talk]]) 20:54, 29 October 2025 (UTC) --[[User:Yuusha|yuusha]] ([[User talk:Yuusha|talk]]) 20:54, 29 October 2025 (UTC)  No, I don't take time to contact the vendors. But I was very conservative with the deletion. I delete link only when I was almost certain that these websites doesn't have any activities related to Mageia or even related to Linux distributions. That's why I let the websites that seem to still have Mageia product. No, I don't take time to contact the vendors. But I was very conservative with the deletion. I delete link only when I was almost certain that these websites doesn't have any activities related to Mageia or even related to Linux distributions. That's why I let the websites that seem to still have Mageia product.  +===Reply to Yuusha===  +--[[User:Marja|marja]] ([[User talk:Marja|talk]]) 10:48, 4 November 2025 (UTC)  +Thanks for the reply.  +The last note on the page is there for a reason, it happened before that a vendor was wrongly removed. Therefore I'll revert your changes, even if I think it was very good that you looked into this.  +The companies should be contacted and asked whether their entry on the page is still valid and, if not, asked whether it should be updated (and then how) or removed.  +If you don't receive a mail from me to our council and board about this today, then please send one yourself or ping me. Marja