Feed Reader
MGASA-2025-0242 - Updated haproxy packages fix security vulnerability & bugs
Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11230
Description
HAProxy has one critical, one major, a few medium and a few minor bugs fixed in the last upstream version, 2.8.16, of branch 2.8.
Fixed critical bug list:
- mjson: fix possible DoS when parsing numbers
Fixed major bug list:
- listeners: transfer connection accounting when switching listeners
Fixed medium bugs list:
- check: Requeue healthchecks on I/O events to handle check timeout
- check: Set SOCKERR by default when a connection error is reported
- checks: fix ALPN inheritance from server
- dns: Reset reconnect tempo when connection is finally established
- fd: Use the provided tgid in fd_insert() to get tgroup_info
- h1: Allow reception if we have early data
- h1/h2/h3: reject forbidden chars in the Host header field
- h2/h3: reject some forbidden chars in :authority before reassembly
- hlua: Add function to change the body length of an HTTP Message
- hlua: Forbid any L6/L7 sample fetch functions from lua services
- hlua: Report to SC when data were consumed on a lua socket
- hlua: Report to SC when output data are blocked on a lua socket
- http-client: Ask for more room when request data cannot be xferred
- http-client: Don't wake http-client applet if nothing was xferred
- http-client: Drain the request if an early response is received
- http-client: Notify applet has more data to deliver until the EOM
- http-client: Properly inc input data when HTX blocks are xferred
- http-client: Test HTX_FL_EOM flag before committing the HTX buffer
- httpclient: Throw an error if an lua httpclient instance is reused
- mux-h2: Properly handle connection error during preface sending
- server: Duplicate healthcheck's alpn inherited from default server
- ssl: ca-file directory mode must read every certificates of a file
- ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
- ssl: create the mux immediately on early data
- ssl: Fix 0rtt to the server
- ssl: fix build with AWS-LC
- threads: Disable the workaround to load libgcc_s on macOS
References
- https://bugs.mageia.org/show_bug.cgi?id=34673
- https://www.haproxy.org/download/2.8/src/CHANGELOG
- https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11230
- haproxy-2.8.16-1.mga9
Categories: Security Updates
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/x86_64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/aarch64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/armv7hl:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/i586:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/i586:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
ppmtomd-1.6-9.mga10.src.rpm
In Mageia/cauldron/i586:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
Categories: RPMs
ppmtomd-1.6-9.mga10.src.rpm
In Mageia/cauldron/x86_64:
A program to convert images from PPM format into the control language for the
Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata.
This program drives the Alps Micro-Dry series of printers, including the
Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the
DP-7000).
In the current release, the program drives the standard mode fairly well; the
dye sublimation mode very well; and the VPhoto mode reasonably well.
It supports all the colours available up to the DP-5000, including the foil
colours.
Categories: RPMs
recoverjpeg-2.6.3-4.mga10.src.rpm
In Mageia/cauldron/x86_64:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
Categories: RPMs
recoverjpeg-2.6.3-4.mga10.src.rpm
In Mageia/cauldron/i586:
This tool tries to recover JFIF (JPEG) pictures and MOV movies (using
recovermov) from a peripheral. This may be useful if you mistakenly overwrite
a partition or if a device such as a digital camera memory card is bogus.
Categories: RPMs
rdfind-1.6.0-1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
Categories: RPMs
rdfind-1.6.0-1.mga10.src.rpm
In Mageia/cauldron/i586:
Rdfind is a program that finds duplicate files. It is useful for compressing
backup directories or just finding duplicate files. It compares files based on
their content, NOT on their file names.
Categories: RPMs
unifont-16.0.01-1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
Categories: RPMs
unifont-16.0.01-1.mga10.src.rpm
In Mageia/cauldron/i586:
Unifont is a Unicode font with a glyph for every visible Unicode Basic
Multilingual Plane code point and more, with supporting utilities to
modify the font. This package contains tools and glyph descriptions.
Categories: RPMs
rancid-3.13-2.mga10.src.rpm
In Mageia/cauldron/i586:
RANCID monitors a router's (or more generally a device's) configuration,
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or Subversion to maintain history of changes.
RANCID does this by the very simple process summarized here:
* login to each device in the router table (router.db),
* run various commands to get the information that will be saved,
* cook the output; re-format, remove oscillating or incrementing data,
* email any differences (sample) from the previous collection to a mail
list,
* and finally commit those changes to the revision control system
RANCID also includes looking glass software. It is based on Ed Kern's looking
glass which was once used for http://nitrous.digex.net/, for the old-school
folks who remember it. Our version has added functions, supports Cisco,
Juniper, and Foundry and uses the login scripts that come with rancid; so it
can use telnet or ssh to connect to your device(s).
Rancid currently supports Cisco routers, Juniper routers, Catalyst switches,
Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd),
Alteon switches, and HP Procurve switches and a host of others.
Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America,
Certainty Solutions Inc.
Categories: RPMs
rancid-3.13-2.mga10.src.rpm
In Mageia/cauldron/x86_64:
RANCID monitors a router's (or more generally a device's) configuration,
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or Subversion to maintain history of changes.
RANCID does this by the very simple process summarized here:
* login to each device in the router table (router.db),
* run various commands to get the information that will be saved,
* cook the output; re-format, remove oscillating or incrementing data,
* email any differences (sample) from the previous collection to a mail
list,
* and finally commit those changes to the revision control system
RANCID also includes looking glass software. It is based on Ed Kern's looking
glass which was once used for http://nitrous.digex.net/, for the old-school
folks who remember it. Our version has added functions, supports Cisco,
Juniper, and Foundry and uses the login scripts that come with rancid; so it
can use telnet or ssh to connect to your device(s).
Rancid currently supports Cisco routers, Juniper routers, Catalyst switches,
Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd),
Alteon switches, and HP Procurve switches and a host of others.
Rancid is known to be used at: AOL, Global Crossing, MFN, NTT America,
Certainty Solutions Inc.
Categories: RPMs
redis-7.4.0-1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
Categories: RPMs
redis-7.4.0-1.mga10.src.rpm
In Mageia/cauldron/i586:
Redis is an advanced key-value store. It is often referred to as a data
structure server since keys can contain strings, hashes, lists, sets and
sorted sets.
You can run atomic operations on these types, like appending to a string;
incrementing the value in a hash; pushing to a list; computing set
intersection, union and difference; or getting the member with highest
ranking in a sorted set.
In order to achieve its outstanding performance, Redis works with an
in-memory dataset. Depending on your use case, you can persist it either
by dumping the dataset to disk every once in a while, or by appending
each command to a log.
Redis also supports trivial-to-setup master-slave replication, with very
fast non-blocking first synchronization, auto-reconnection on net split
and so forth.
Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
limited time-to-live, and configuration settings to make Redis behave like
a cache.
You can use Redis from most programming languages also.
Categories: RPMs
qpwgraph-0.7.8-1.mga10.src.rpm
In Mageia/cauldron/i586:
qpwgraph is a graph manager dedicated to PipeWire, using the Qt C++ framework,
based on, and pretty much the same as, that of QjackCtl.
Categories: RPMs




