Lector de Feeds

Publication date: 24 Oct 2025
Type: bugfix
Affected Mageia releases : 9
Description Fixed multiple shader bugs that were causing graphical artifacts and vegetation to not be visible Fixed a bug where messages from ATC were appearing on the splash screen before the user had fully spawned Fixed a bug in the launcher where dropdown boxes on the Flight Planner page were empty Fixed a memory bug in YASim that resulted in a crash under certain conditions Fixed missing maps in the FG1000 Fixed regional textures for random buildings Fixed minimum dewpoint calculation in JSBSim Fixed SID/STAR selection and modification in the route manager References

• https://bugs.mageia.org/show_bug.cgi?id=34659
• https://www.flightgear.org/download/releases/2024-1-2/

SRPMS 9/core

• simgear-2024.1.2-1.mga9
• flightgear-2024.1.2-1.mga9
• flightgear-data-2024.1.2-1.mga9

Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34638
• https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
• https://www.thunderbird.net/en-US/thunderbird/140.4.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
• https://www.thunderbird.net/en-US/thunderbird/140.3.1esr/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/140.3.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715

SRPMS 9/core

• thunderbird-140.4.0-1.2.mga9
• thunderbird-l10n-140.4.0-1.mga9

Publication date: 23 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-10527 , CVE-2025-10528 , CVE-2025-10529 , CVE-2025-10532 , CVE-2025-10533 , CVE-2025-10536 , CVE-2025-10537 , CVE-2025-11708 , CVE-2025-11709 , CVE-2025-11710 , CVE-2025-11711 , CVE-2025-11712 , CVE-2025-11713 , CVE-2025-11714 , CVE-2025-11715 Description CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144, and other security fixes; please see the links. References

• https://bugs.mageia.org/show_bug.cgi?id=34637
• https://www.firefox.com/en-US/firefox/140.4.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_117.html
• https://www.firefox.com/en-US/firefox/140.3.1/releasenotes/
• https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_116.html
• https://www.firefox.com/en-US/firefox/140.3.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10527
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10528
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10529
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10532
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10533
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10536
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10537
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11708
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11709
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11710
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11711
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11712
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11713
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11715

SRPMS 9/core

• nss-3.117.0-1.mga9
• rootcerts-20251003.00-1.mga9
• firefox-140.4.0-1.2.mga9
• firefox-l10n-140.4.0-1.mga9

Publication date: 22 Oct 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53859 Description It was discovered that nginx contains a security issue in the ngx_mail_smtp_module which might allow an attacker to cause buffer over-read potentially resulting in sensitive information leak in a HTTP request to the authentication server (CVE-2025-53859). References

• https://bugs.mageia.org/show_bug.cgi?id=34585
• https://www.openwall.com/lists/oss-security/2025/08/13/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53859

SRPMS 9/core

• nginx-1.26.3-1.1.mga9