Lector de Feeds

Publication date: 09 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-27624 Description IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL. (CVE-2026-27624) References

• https://bugs.mageia.org/show_bug.cgi?id=35179
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37LHFMZ3OPUJRL3DZ3WVCJ7FO62HMVUT/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27624

SRPMS 9/core

• coturn-4.6.2-1.1.mga9

Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-25674 Description Potential incorrect permissions on newly created file system objects. (CVE-2026-25674) References

• https://bugs.mageia.org/show_bug.cgi?id=35176
• https://www.openwall.com/lists/oss-security/2026/03/03/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25674

SRPMS 9/core

• python-django-4.1.13-1.11.mga9

Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-28417 , CVE-2026-28418 , CVE-2026-28419 , CVE-2026-28420 , CVE-2026-28421 , CVE-2026-28422 Description OS Command Injection in netrw affects Vim < 9.2.0073. (CVE-2026-28417) Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074. (CVE-2026-28418) Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075. (CVE-2026-28419) Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076. (CVE-2026-28420) Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077. (CVE-2026-28421) Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078. (CVE-2026-28422) References

• https://bugs.mageia.org/show_bug.cgi?id=35167
• https://www.openwall.com/lists/oss-security/2026/02/27/6
• https://www.openwall.com/lists/oss-security/2026/02/27/7
• https://www.openwall.com/lists/oss-security/2026/02/27/8
• https://www.openwall.com/lists/oss-security/2026/02/27/9
• https://www.openwall.com/lists/oss-security/2026/02/27/10
• https://www.openwall.com/lists/oss-security/2026/02/27/11
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28417
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28418
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28419
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28420
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28421
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28422

SRPMS 9/core

• vim-9.2.106-1.mga9

Publication date: 06 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10158 Description Out of bounds array access via negative index. (CVE-2025-10158) References

• https://bugs.mageia.org/show_bug.cgi?id=35177
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZOPBIA4TYYH7HBPKXO4XFIWVXML27HR/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10158

SRPMS 9/core

• rsync-3.2.7-1.3.mga9

Publication date: 26 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description The update includes a patch from Fedora which allows the production of metadata for python3-libsolv. References

• https://bugs.mageia.org/show_bug.cgi?id=35148
• https://bugzilla.redhat.com/show_bug.cgi?id=2252743

SRPMS 9/core

• libsolv-0.7.35-1.1.mga9

Publication date: 23 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2049 , CVE-2026-2050 Description ZDI-CAN-28618: New Vulnerability Report at rgbe.c. (CVE-2026-2049) ZDI-CAN-28266: New Vulnerability Report at rgbe.c. (CVE-2026-2050) References

• https://bugs.mageia.org/show_bug.cgi?id=35147
• https://lists.debian.org/debian-security-announce/2026/msg00051.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2049
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2050

SRPMS 9/core

• gegl-0.4.42-1.1.mga9

Publication date: 22 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-23530 , CVE-2026-23531 , CVE-2026-23532 , CVE-2026-23533 , CVE-2026-23534 , CVE-2026-23948 , CVE-2026-24491 , CVE-2026-24675 , CVE-2026-24676 , CVE-2026-24677 , CVE-2026-24678 , CVE-2026-24679 , CVE-2026-24680 , CVE-2026-24681 , CVE-2026-24682 , CVE-2026-24683 , CVE-2026-24684 Description FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle. (CVE-2026-23530) FreeRDP has heap-buffer-overflow in clear_decompress. (CVE-2026-23531) FreeRDP has heap-buffer-overflow in gdi_SurfaceToSurface. (CVE-2026-23532) FreeRDP has heap-buffer-overflow in clear_decompress_residual_data. (CVE-2026-23533) FreeRDP has heap-buffer-overflow in clear_decompress_bands_data. (CVE-2026-23534) FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2(). (CVE-2026-23948) FreeRDP has a heap-use-after-free in video_timer. (CVE-2026-24491) FreeRDP has a Heap-use-after-free in urb_select_interface. (CVE-2026-24675) FreeRDP has a heap-use-after-free in audio_format_compatible. (CVE-2026-24676) FreeRDP has a heap-buffer-overflow in ecam_encoder_compress_h264. (CVE-2026-24677) FreeRDP has a Heap-use-after-free in cam_v4l_stream_capture_thread. (CVE-2026-24678) FreeRDP has a heap-buffer-overflow in urb_select_interface. (CVE-2026-24679) FreeRDP has a heap-use-after-free in update_pointer_new(SDL). (CVE-2026-24680) FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb. (CVE-2026-24681) FreeRDP has a Heap-buffer-overflow in audio_formats_free. (CVE-2026-24682) FreeRDP has a heap-use-after-free in ainput_send_input_event. (CVE-2026-24683) FreeRDP has a Heap-use-after-free in play_thread. (CVE-2026-24684) References

• https://bugs.mageia.org/show_bug.cgi?id=35038
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3PECP75D65BGMOXX4VA6VFZW5A365UOB/
• https://www.openwall.com/lists/oss-security/2026/02/09/8
• https://www.openwall.com/lists/oss-security/2026/02/10/1
• https://ubuntu.com/security/notices/USN-8004-1
• https://ubuntu.com/security/notices/USN-8042-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23531
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23532
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23533
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23534
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23948
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24491
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24675
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24676
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24677
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24678
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24679
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24680
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24681
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24682
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24683
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24684

SRPMS 9/core

• freerdp-2.11.7-1.2.mga9

Publication date: 22 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix several crashes and rendering issues. References

• https://bugs.mageia.org/show_bug.cgi?id=35144
• https://webkitgtk.org/2026/02/09/webkitgtk2.50.5-released.html

SRPMS 9/core

• webkit2-2.50.5-1.mga9

Publication date: 20 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14831 Description Denial of service via excessive resource consumption during certificate verification. (CVE-2025-14831) References

• https://bugs.mageia.org/show_bug.cgi?id=35114
• https://www.openwall.com/lists/oss-security/2026/02/09/6
• https://lists.debian.org/debian-security-announce/2026/msg00049.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831

SRPMS 9/core

• gnutls-3.8.4-1.4.mga9

Publication date: 20 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2447 Description Heap buffer overflow in libvpx. (CVE-2026-2447) References

• https://bugs.mageia.org/show_bug.cgi?id=35137
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2447

SRPMS 9/core

• libvpx-1.12.0-1.5.mga9

Publication date: 20 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description Updated mariadb package fix crashes when not using grant tables. The latest update introduced a bug which makes mariadb crash in case it was started with skip-grant-tables. E.g. akonadi uses mariadb as a backend and does not use the rights management. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=35139
• https://bugs.kde.org/show_bug.cgi?id=515873

SRPMS 9/core

• mariadb-11.4.10-1.1.mga9

Publication date: 20 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description Minor fixes to our alternative sddm theme. References

• https://bugs.mageia.org/show_bug.cgi?id=35119

SRPMS 9/core

• sddm-theme-coffee-ng-2.0-1.2.mga9

Publication date: 18 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-24853 , CVE-2025-31648 Description The updated package updates AMD CPUs microcodes and fixes security vulnerabilities in Intel CPUs microcodes: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-24853) Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. (CVE-2025-31648) References

• https://bugs.mageia.org/show_bug.cgi?id=35130
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20260210-rev1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31648

SRPMS 9/nonfree

• microcode-0.20260210-1.mga9.nonfree

Publication date: 18 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-26269 Description Vim has a Netbeans specialKeys Stack Buffer Overflow. (CVE-2026-26269) References

• https://bugs.mageia.org/show_bug.cgi?id=35135
• https://www.openwall.com/lists/oss-security/2026/02/13/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26269

SRPMS 9/core

• vim-9.1.2148-1.mga9

Publication date: 17 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-2003 , CVE-2026-2004 , CVE-2026-2005 , CVE-2026-2006 , CVE-2026-2007 Description PostgreSQL oidvector discloses a few bytes of memory. (CVE-2026-2003) PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code. (CVE-2026-2004) PostgreSQL pgcrypto heap buffer overflow executes arbitrary code. (CVE-2026-2005) PostgreSQL missing validation of multibyte character length executes arbitrary code. (CVE-2026-2006) PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory. (CVE-2026-2007 References

• https://bugs.mageia.org/show_bug.cgi?id=35133
• https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2007

SRPMS 9/core

• postgresql15-15.16-1.mga9

‎Backports: Use sudo for mga-move-pkg

← Older revision Revision as of 16:49, 16 February 2026 Line 93: Line 93:  # Run a command of this form on duvel: # Run a command of this form on duvel:  <pre> <pre> −mga-move-pkg --sync --backport 9/core/foobar-0.1-1.mga10.src.rpm+sudo -u schedbot mga-move-pkg --sync --backport 9/core/foobar-0.1-1.mga10.src.rpm −find /distrib/{bootstrap,mirror}/ -user root \! -type l -exec chown schedbot:schedbot {} +   </pre> </pre>  +Several packages can be moved by repeating ''--backport 9/core/XXX'' as often as necessary.  :3. Add a comment to the bug manually to confirm that the package has been moved. Assign the bug to qa-bugs@ml.mageia.org. The QA team will then draft an announcement that they will post to [https://ml.mageia.org/l/info/backports-announce backports-announce]. :3. Add a comment to the bug manually to confirm that the package has been moved. Assign the bug to qa-bugs@ml.mageia.org. The QA team will then draft an announcement that they will post to [https://ml.mageia.org/l/info/backports-announce backports-announce].    Danf

Publication date: 16 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14607 , CVE-2025-14841 Description OFFIS DCMTK dcmdata dcbytstr.cc makeDicomByteString memory corruption. (CVE-2025-14607) OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference. (CVE-2025-14841) References

• https://bugs.mageia.org/show_bug.cgi?id=34946
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WA2BG2LFPVCYESQA5KLHS3YDK74NTELX/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14607
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14841

SRPMS 9/core

• dcmtk-3.6.7-4.7.mga9

Publication date: 16 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-66004 Description Local privilege escalation in usbmuxd from arbitrary local user to usbmux. (CVE-2025-66004) References

• https://bugs.mageia.org/show_bug.cgi?id=35118
• https://lists.debian.org/debian-security-announce/2026/msg00034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66004

SRPMS 9/core

• usbmuxd-1.1.1-3.1.mga9

Publication date: 16 Feb 2026
Type: bugfix
Affected Mageia releases : 9
Description Regular update of mariadb which brings some bugfixes. References

• https://bugs.mageia.org/show_bug.cgi?id=35112
• https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10

SRPMS 9/core

• mariadb-11.4.10-1.mga9