Feed Reader
How to create an update advisory
← Older revision
Revision as of 17:26, 8 November 2025
(2 intermediate revisions by the same user not shown)Line 40:
Line 40:
$ ls $ ls
$ less <filename> $ less <filename>
−will show them locally. (The extra final ID... line is not our affair). Here is a typical security example:+will show them locally. The last line, starting with ID: is generated by the system that pushes updates from the testing to the updates repositories. The line is added to local copy of the advisory the first time 'svn up' is run after the update has been pushed. Here is a typical security example:
<pre> <pre>
type: security type: security
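Review bot: the added sentence about the ID: line explains where the line comes from but drops the old hint that it is not the advisory author's concern; consider stating explicitly that the author should not add or edit it by hand. In the same addition, "added to local copy" needs an article ("added to the local copy"), and "starting with ID:" reads better closed with a comma.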
Line 109:
Line 109:
The following command should then work : The following command should then work :
+<pre>
$ svn ls svn+ssh://svn.mageia.org/svn/advisories/ $ svn ls svn+ssh://svn.mageia.org/svn/advisories/
− +</pre>
It is recommended to add a config for ssh, in ~/.ssh, so that it always automatically associates the MageiaUser with svn.mageia.org. It is recommended to add a config for ssh, in ~/.ssh, so that it always automatically associates the MageiaUser with svn.mageia.org.
Create ''~/.ssh/config'' with this inside it: Create ''~/.ssh/config'' with this inside it:
Davidwhodgins
Categories: Mageia Wiki
Bugsquad
← Older revision
Revision as of 19:36, 7 November 2025
(One intermediate revision by the same user not shown)Line 57:
Line 57:
| Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' || | Marja van Waes || marja || marja11 [at] freedom [dot] nl|| || '''Deputy''' ||
|- |-
− | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com || || ||+ | José Alberto Valle Cid || katnatek || j.alberto.vc [at] gmail [dot] com || || ||
|- |-
− | Roelof Wobben || RoelofW || r.wobben@home.nl || || ||+ | Frank Sturm || sturmvogel || sturm-fr [at] web [dot] de || || ||
+ |-
+ | Frank Griffin || ftg || ftg [at] roadrunner [dot] com || || ||
|} |}
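Review bot: on the José Alberto Valle Cid row the username changes from kanatek to katnatek in the same edit that obfuscates the address; if this is a spelling correction, say so in the edit summary so it is not read as a side effect of the e-mail change. The Roelof Wobben row is replaced rather than kept alongside the two new rows, which also deserves a mention in the summary.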
Lewyssmith
Categories: Mageia Wiki
MGASA-2025-0268 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-53057, CVE-2025-53066
Description
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53057)
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. (CVE-2025-53066)
References
- https://bugs.mageia.org/show_bug.cgi?id=34697
- https://access.redhat.com/errata/RHSA-2025:18815
- https://access.redhat.com/errata/RHSA-2025:18818
- https://access.redhat.com/errata/RHSA-2025:18821
- https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixJAVA
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53066
- java-1.8.0-openjdk-1.8.0.472.b08-1.mga9
- java-11-openjdk-11.0.29.0.7-1.mga9
- java-17-openjdk-17.0.17.0.10-1.mga9
- java-latest-openjdk-25.0.1.0.8-1.rolling.1.mga9
Categories: Security Updates
MGASA-2025-0267 - Updated sqlite3 packages fix security vulnerability
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-6965
Description
Integer Truncation on SQLite. (CVE-2025-6965)
References
- https://bugs.mageia.org/show_bug.cgi?id=34626
- https://www.openwall.com/lists/oss-security/2025/09/06/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965
- sqlite3-3.40.1-1.3.mga9
Categories: Security Updates
MGASA-2025-0266 - Updated libvpx packages fix security vulnerability
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-5283
Description
Double-free in libvpx encoder. (CVE-2025-5283)
References
- https://bugs.mageia.org/show_bug.cgi?id=34346
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFW4D73K3AUKLCFQCO3CMQVM3FH6SE6V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5283
- libvpx-1.12.0-1.4.mga9
Categories: Security Updates
MGASA-2025-0265 - Updated dcmtk packages fix security vulnerabilities
Publication date: 07 Nov 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-9732
Description
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=34718
- https://lists.debian.org/debian-lts-announce/2025/11/msg00006.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9732
- dcmtk-3.6.7-4.6.mga9
Categories: Security Updates
MGAA-2025-0091 - Updated nvidia-current packages fix bug
Publication date: 07 Nov 2025
Type: bugfix
Affected Mageia releases: 9
Description
- Added support for YCbCr 4:2:2 display modes over HDMI Fixed Rate Link (FRL). This capability is only supported on Blackwell or later.
- Downgraded an error message "Failed to allocate NvKmsKapiDevice" to an informational message "NUMA was not set up yet; ignoring this device" when initializing nvidia-drm in cases where initialization is expected to fail due to NUMA not being online.
- Fixed a bug that caused interactive object outlines to not be rendered in Indiana Jones and the Great Circle.
- Fixed a regression introduced in the 575 driver series that caused GPUs to be powered on unnecessarily when processing redundant system power source notifications from the ACPI subsystem.
References
SRPMS
9/nonfree
- nvidia-current-580.95.05-1.mga9.nonfree
Categories: Security Updates




