Lector de Feeds

Publication date: 02 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53905 , CVE-2025-53906 Description Path traversal issue with tar.vim and special crafted tar archives in Vim < 9.1.1552. (CVE-2025-53905) Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.1.1551. (CVE-2025-53906) References

• https://bugs.mageia.org/show_bug.cgi?id=34486
• https://www.openwall.com/lists/oss-security/2025/07/15/1
• https://www.openwall.com/lists/oss-security/2025/07/15/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53905
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53906

SRPMS 9/core

• vim-9.1.1552-1.mga9

Publication date: 02 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-6395 , CVE-2025-32988 , CVE-2025-32989 , CVE-2025-32990 Description null pointer dereference in _gnutls_figure_common_ciphersuite(). (CVE-2025-6395) Vulnerability in gnutls othername san export. (CVE-2025-32988) Vulnerability in gnutls sct extension parsing. (CVE-2025-32989) Vulnerability in gnutls certtool template parsing. (CVE-2025-32990) References

• https://bugs.mageia.org/show_bug.cgi?id=34484
• https://www.openwall.com/lists/oss-security/2025/07/11/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6395
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32988
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990

SRPMS 9/core

• gnutls-3.8.4-1.2.mga9

Publication date: 02 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-54389 , CVE-2025-54409 Description Improper output neutralization (potential AIDE detection bypass). (CVE-2025-54389) Null pointer dereference after reading incorrectly encoded xattr attributes from database (local DoS). (CVE-2025-54409) References

• https://bugs.mageia.org/show_bug.cgi?id=34586
• https://www.openwall.com/lists/oss-security/2025/08/14/7
• https://www.openwall.com/lists/oss-security/2025/08/14/8
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54389
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54409

SRPMS 9/core

• aide-0.18.6-1.1.mga9

Publication date: 02 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-52434 , CVE-2025-52520 , CVE-2025-53506 , CVE-2025-48989 Description APR/Native Connector crash leading to DoS. (CVE-2025-52434) DoS via integer overflow in multipart file upload. (CVE-2025-52520) DoS via excessive h2 streams at connection start. (CVE-2025-53506) H2 DoS - Made You Reset. (CVE-2025-48989) References

• https://bugs.mageia.org/show_bug.cgi?id=34465
• https://www.openwall.com/lists/oss-security/2025/07/10/11
• https://www.openwall.com/lists/oss-security/2025/07/10/12
• https://www.openwall.com/lists/oss-security/2025/07/10/13
• https://www.openwall.com/lists/oss-security/2025/08/13/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48989

SRPMS 9/core

• tomcat-9.0.108-1.mga9

Publication date: 02 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description This update fixes a packaging issue allowing for conflicting libraries to be installed. References

• https://bugs.mageia.org/show_bug.cgi?id=34589

SRPMS 9/core

• slurm-23.11.11-1.2.mga9

In Mageia/9/x86_64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/aarch64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/armv7hl: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/i586: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/cauldron/x86_64: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: Rachota is a portable application for timetracking different projects. It runs everywhere. It displays time data in diagram form, creates customized reports and invoices or analyses measured data and suggests hints to improve user's time usage. The totally portable yet personal timetracker.

In Mageia/cauldron/i586: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: A program to convert images from PPM format into the control language for the Alps Micro-Dry printers, at various times sold by Citizen, Alps and Okidata. This program drives the Alps Micro-Dry series of printers, including the Citizen Printiva series, Alps MD series, and Oki DP series (but not yet the DP-7000). In the current release, the program drives the standard mode fairly well; the dye sublimation mode very well; and the VPhoto mode reasonably well. It supports all the colours available up to the DP-5000, including the foil colours.

In Mageia/cauldron/x86_64: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.

In Mageia/cauldron/i586: This tool tries to recover JFIF (JPEG) pictures and MOV movies (using recovermov) from a peripheral. This may be useful if you mistakenly overwrite a partition or if a device such as a digital camera memory card is bogus.