Lector de Feeds

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-40908 Description YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. (CVE-2025-40908) References

• https://bugs.mageia.org/show_bug.cgi?id=34448
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/HKC72252CNE2PZENAI7UN24YB5X2Z5EK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40908

SRPMS 9/core

• perl-YAML-LibYAML-0.860.0-1.1.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-31484 , CVE-2024-56406 , CVE-2025-40909 Description CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes. (CVE-2024-56406) Perl threads have a working directory race condition where file operations may target unintended paths. (CVE-2025-40909) References

• https://bugs.mageia.org/show_bug.cgi?id=34209
• https://bugs.mageia.org/show_bug.cgi?id=31852
• https://www.openwall.com/lists/oss-security/2023/04/29/1
• https://ubuntu.com/security/notices/USN-6112-1
• https://openwall.com/lists/oss-security/2025/04/13/3
• https://lists.debian.org/debian-security-announce/2025/msg00064.html
• https://ubuntu.com/security/notices/USN-7434-1
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USJDDXS5I35D7CEPDILLJIEUAZOXW7YF/
• https://www.openwall.com/lists/oss-security/2025/05/22/2
• https://www.openwall.com/lists/oss-security/2025/05/23/1
• https://openwall.com/lists/oss-security/2025/05/30/4
• https://www.openwall.com/lists/oss-security/2025/06/02/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56406
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-40909

SRPMS 9/core

• perl-5.36.0-1.2.mga9

Publication date: 12 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-11411 Description Several multi-vendor cache poisoning vulnerabilities have been discovered in caching resolvers for non-DNSSEC protected data. Unbound is vulnerable for some of these cases that could lead to domain hijacking (CVE-2025-11411). References

• https://bugs.mageia.org/show_bug.cgi?id=34700
• https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11411

SRPMS 9/core

• unbound-1.24.1-1.mga9

Publication date: 12 Nov 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed an issue that caused the vfio-pci module to soft lockup after powering off a VM with passed-through NVIDIA GPUs. Fixed a recent regression which prevented HDMI FRL from working after hot unplugging and replugging a display. Fixed a bug that caused Rage2 to crash when loading the game menu: https://forums.developer.nvidia.com/t/rage-2-crashes-when-entering-the-m ap-seems-nvidia-specific-problem/169063 Fixed a bug that caused Metro Exodus EE to crash: https://forums.developer.nvidia.com/t/580-release-feedback-discussion/34 1205/53 Fixed a bug that allowed VRR to be enabled on some modes where it isn't actually possible, leading to a black screen. Fixed a bug that could cause some HDMI displays to remain blank after unplugging and re-plugging the display. Fixed an issue that would prevent large resolution or high References

• https://bugs.mageia.org/show_bug.cgi?id=34733
• https://www.nvidia.com/en-us/drivers/details/257493/

SRPMS 9/nonfree

• nvidia-current-580.105.08-1.mga9.nonfree