Lector de Feeds
[dev] strange message when building linuxsampler for Cauldron with mock - philippedidier@laposte.net
MGASA-2025-0271 - Updated opencontainers-runc packages fix security vulnerabilities
Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31133 , CVE-2025-52565 , CVE-2025-52881 Description The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt (CVE-2025-31133) and a flaw in /dev/console bind-mounts can lead to container escape (CVE-2025-52565). Also, arbitrary write gadgets and procfs write redirects could be used to engineer container escape and denial of service (CVE-2025-52881). References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31133 , CVE-2025-52565 , CVE-2025-52881 Description The way masked paths are implemented in runc can be exploited to cause the host system to crash or halt (CVE-2025-31133) and a flaw in /dev/console bind-mounts can lead to container escape (CVE-2025-52565). Also, arbitrary write gadgets and procfs write redirects could be used to engineer container escape and denial of service (CVE-2025-52881). References
- https://bugs.mageia.org/show_bug.cgi?id=34719
- https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2
- https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm
- https://www.openwall.com/lists/oss-security/2025/11/05/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881
- opencontainers-runc-1.2.8-2.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0270 - Updated xen packages fix security vulnerabilities
Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-31143 , CVE-2024-31144 , CVE-2024-31145 , CVE-2024-31146 , CVE-2024-45817 , CVE-2024-45818 , CVE-2024-45819 , CVE-2024-53240 , CVE-2024-53241 , CVE-2025-1713 , CVE-2024-28956 , CVE-2025-27462 , CVE-2025-27463 , CVE-2025-27464 , CVE-2025-27465 , CVE-2024-36350 , CVE-2024-36357 Description Double unlock in x86 guest IRQ handling. (CVE-2024-31143) Xapi: Metadata injection attack against backup/restore functionality. (CVE-2024-31144) Error handling in x86 IOMMU identity mapping. (CVE-2024-31145) PCI device pass-through with shared resources. (CVE-2024-31146) x86: Deadlock in vlapic_error(). (CVE-2024-45817) Deadlock in x86 HVM standard VGA handling. (CVE-2024-45818) libxl leaks data to PVH guests via ACPI tables. (CVE-2024-45819) Backend can crash Linux netfront. (CVE-2024-53240) Xen hypercall page unsafe against speculative attacks. (CVE-2024-53241) Deadlock potential with VT-d and legacy PCI device pass-through. (CVE-2025-1713) x86: Indirect Target Selection. (CVE-2024-28956) x86: Incorrect stubs exception handling for flags recovery. (CVE-2025-27465) TSA-SQ (TSA in the Store Queues). (CVE-2024-36350) TSA-L1 (TSA in the L1 data cache). (CVE-2024-36357) A NULL pointer dereference in the updating of the reference TSC area. (CVE-2025-27466) A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. (CVE-2025-58142) A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. (CVE-2025-58143) An assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. (CVE-2025-58144) The P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. (CVE-2025-58145) XAPI UTF-8 string handling. (CVE-2025-58146) Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. (CVE-2025-58147) Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.(CVE-2025-58148) Incorrect removal of permissions on PCI device unplug. (CVE-2025-58149) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-31143 , CVE-2024-31144 , CVE-2024-31145 , CVE-2024-31146 , CVE-2024-45817 , CVE-2024-45818 , CVE-2024-45819 , CVE-2024-53240 , CVE-2024-53241 , CVE-2025-1713 , CVE-2024-28956 , CVE-2025-27462 , CVE-2025-27463 , CVE-2025-27464 , CVE-2025-27465 , CVE-2024-36350 , CVE-2024-36357 Description Double unlock in x86 guest IRQ handling. (CVE-2024-31143) Xapi: Metadata injection attack against backup/restore functionality. (CVE-2024-31144) Error handling in x86 IOMMU identity mapping. (CVE-2024-31145) PCI device pass-through with shared resources. (CVE-2024-31146) x86: Deadlock in vlapic_error(). (CVE-2024-45817) Deadlock in x86 HVM standard VGA handling. (CVE-2024-45818) libxl leaks data to PVH guests via ACPI tables. (CVE-2024-45819) Backend can crash Linux netfront. (CVE-2024-53240) Xen hypercall page unsafe against speculative attacks. (CVE-2024-53241) Deadlock potential with VT-d and legacy PCI device pass-through. (CVE-2025-1713) x86: Indirect Target Selection. (CVE-2024-28956) x86: Incorrect stubs exception handling for flags recovery. (CVE-2025-27465) TSA-SQ (TSA in the Store Queues). (CVE-2024-36350) TSA-L1 (TSA in the L1 data cache). (CVE-2024-36357) A NULL pointer dereference in the updating of the reference TSC area. (CVE-2025-27466) A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. (CVE-2025-58142) A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. (CVE-2025-58143) An assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. (CVE-2025-58144) The P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. (CVE-2025-58145) XAPI UTF-8 string handling. (CVE-2025-58146) Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. (CVE-2025-58147) Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.(CVE-2025-58148) Incorrect removal of permissions on PCI device unplug. (CVE-2025-58149) References
- https://bugs.mageia.org/show_bug.cgi?id=33401
- https://www.openwall.com/lists/oss-security/2024/07/16/3
- https://www.openwall.com/lists/oss-security/2024/07/16/4
- https://www.openwall.com/lists/oss-security/2024/08/14/2
- https://www.openwall.com/lists/oss-security/2024/08/14/3
- https://www.openwall.com/lists/oss-security/2024/09/24/1
- https://www.openwall.com/lists/oss-security/2024/11/12/2
- https://www.openwall.com/lists/oss-security/2024/11/12/1
- https://www.openwall.com/lists/oss-security/2024/12/17/1
- https://www.openwall.com/lists/oss-security/2024/12/17/2
- https://www.openwall.com/lists/oss-security/2025/02/27/1
- https://www.openwall.com/lists/oss-security/2025/05/12/4
- https://www.openwall.com/lists/oss-security/2025/05/12/5
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KEACKX57LEHS2YKZ4PO5DYNOQRGQSDO2/
- https://www.openwall.com/lists/oss-security/2025/05/27/1
- https://www.openwall.com/lists/oss-security/2025/07/01/1
- https://www.openwall.com/lists/oss-security/2025/07/08/2
- https://www.openwall.com/lists/oss-security/2025/08/28/2
- https://www.openwall.com/lists/oss-security/2025/09/09/1
- https://www.openwall.com/lists/oss-security/2025/09/09/2
- https://www.openwall.com/lists/oss-security/2025/09/09/3
- https://www.openwall.com/lists/oss-security/2025/10/21/1
- https://www.openwall.com/lists/oss-security/2025/10/24/1
- https://www.openwall.com/lists/oss-security/2025/11/05/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31146
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45817
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45818
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53240
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1713
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28956
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36350
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36357
- xen-4.17.5-1.git20251028.1.mga9
Categorías: Actualizaciones de Seguridad
MGASA-2025-0269 - Updated libxml2 & libxslt packages fix security vulnerabilities
Publication date: 09 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49794 , CVE-2025-49795 , CVE-2025-49796 , CVE-2025-6021 , CVE-2025-6170 , CVE-2025-7424 , CVE-2025-7425 Description Heap use after free (UAF) leads to Denial of service (DoS). (CVE-2025-49794) Null pointer dereference leads to Denial of service (DoS). (CVE-2025-49795) Type confusion leads to Denial of service (DoS). (CVE-2025-49796) Integer Overflow Leading to Buffer Overflow in xmlBuildQName(). (CVE-2025-6021) Stack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170) Type confusion in xmlNode.psvi between stylesheet and source nodes. (CVE-2025-7424) Heap-use-after-free in xmlFreeID caused by `atype` corruption. (CVE-2025-7425) References
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49794 , CVE-2025-49795 , CVE-2025-49796 , CVE-2025-6021 , CVE-2025-6170 , CVE-2025-7424 , CVE-2025-7425 Description Heap use after free (UAF) leads to Denial of service (DoS). (CVE-2025-49794) Null pointer dereference leads to Denial of service (DoS). (CVE-2025-49795) Type confusion leads to Denial of service (DoS). (CVE-2025-49796) Integer Overflow Leading to Buffer Overflow in xmlBuildQName(). (CVE-2025-6021) Stack-based Buffer Overflow in xmllint Shell. (CVE-2025-6170) Type confusion in xmlNode.psvi between stylesheet and source nodes. (CVE-2025-7424) Heap-use-after-free in xmlFreeID caused by `atype` corruption. (CVE-2025-7425) References
- https://bugs.mageia.org/show_bug.cgi?id=34378
- https://www.openwall.com/lists/oss-security/2025/06/16/6
- https://www.openwall.com/lists/oss-security/2025/07/11/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7425
- libxml2-2.10.4-1.8.mga9
- libxslt-1.1.38-1.2.mga9
Categorías: Actualizaciones de Seguridad
MGAA-2025-0092 - Updated qarte packages fix bug
Publication date: 09 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Changes in arte.tv make the current version of qrte fail to work. This update fixes the issue. Errata: the package's changelog makes reference to an invalid bug number. References SRPMS 9/core
Type: bugfix
Affected Mageia releases : 9
Description Changes in arte.tv make the current version of qrte fail to work. This update fixes the issue. Errata: the package's changelog makes reference to an invalid bug number. References SRPMS 9/core
- qarte-5.14.0-1.mga9
Categorías: Actualizaciones de Seguridad
