Lector de Feeds

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8067 Description Out-of-bounds read in udisks daemon. (CVE-2025-8067) References

• https://bugs.mageia.org/show_bug.cgi?id=34602
• https://www.openwall.com/lists/oss-security/2025/08/28/1
• https://www.openwall.com/lists/oss-security/2025/08/28/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8067

SRPMS 9/core

• udisks2-2.10.1-1.2.mga9

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-8713 , CVE-2025-8714 , CVE-2025-8715 Description PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713) PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714) PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715) References

• https://bugs.mageia.org/show_bug.cgi?id=34608
• https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8713
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8714
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8715

SRPMS 9/core

• postgresql15-15.14-1.mga9
• postgresql13-13.22-1.mga9

Publication date: 08 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-57833 Description Potential SQL injection in FilteredRelation column aliases. (CVE-2025-57833) References

• https://bugs.mageia.org/show_bug.cgi?id=34612
• https://www.openwall.com/lists/oss-security/2025/09/03/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57833

SRPMS 9/core

• python-django-4.1.13-1.6.mga9

Publication date: 08 Sep 2025
Type: bugfix
Affected Mageia releases : 9
Description Haproxy has a few medium and a few minor bugs fixed in the last upstream version 2.8.15 of branch 2.8. Fixed medium bug list: - backend: do not overwrite srv dst address on reuse (2) - backend: fix reuse with set-dst/set-dst-port - clock: make sure now_ms cannot be TICK_ETERNITY - debug: close a possible race between thread dump and panic() - fd: mark FD transferred to another process as FD_CLONED - filters: Handle filters registered on data with no payload callback - h3: trim whitespaces in header value prior to QPACK encoding - h3: trim whitespaces when parsing headers value - hlua/cli: fix cli applet UAF in hlua_applet_wakeup() - hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data) - http-ana: Report 502 from req analyzer only during rsp forwarding - htx: wrong count computation in htx_xfer_blks() - mux-quic: do not attach on already closed stream - mux-quic: fix crash on RS/SS emission if already close local - peers: prevent learning expiration too far in futur from unsync node - sample: fix risk of overflow when replacing multiple regex back-refs - spoe: Don't wakeup idle applets in loop during stopping - ssl: chosing correct certificate using RSA-PSS with TLSv1.3 - startup: return to initial cwd only after check_config_validity() - thread: use pthread_self() not ha_pthread[tid] in set_affinity References

• https://bugs.mageia.org/show_bug.cgi?id=34599
• https://www.haproxy.org/download/2.8/src/CHANGELOG

SRPMS 9/core

• haproxy-2.8.15-1.mga9

Versions update, do backup

← Older revision Revision as of 08:29, 8 September 2025 Line 80: Line 80:  '''Keep having latest non-backport''' lib64bpf1, cpupower, kernel-userspace-headers installed, and keep them updated.  ''- we do not backport lib64bpf1 and cpupower, to not break compatibility with non-backport kernels.'' '''Keep having latest non-backport''' lib64bpf1, cpupower, kernel-userspace-headers installed, and keep them updated.  ''- we do not backport lib64bpf1 and cpupower, to not break compatibility with non-backport kernels.''    −'''Regarding kernel-stable-userspace-headers''' contra ''kernel-userspace-headers for 6.6 kernels:'' The packages are used for building applications; use the one for the current kernel you build for. They conflict each other and are handled correctly by urpmi & drakrpm - when you have '''updated mageia-repos and meta-task packages''' to 9.4 versions (at time of writing found in updates_testing) - and using kernel versions 6.6.103+ and 6.12.44+.+'''Regarding kernel-stable-userspace-headers''' contra ''kernel-userspace-headers for 6.6 kernels:'' The packages are used for building applications; use the one for the current kernel you build for. They conflict each other and are handled correctly by urpmi & drakrpm - when you have '''updated mageia-repos and meta-task packages''' to 9.4 versions (at time of writing found in updates_testing) - and using kernel versions 6.6.104+ and 6.12.44+.     '''Remove-Old-Kernels''', {{prog|rok}}, do currently not see nor handle 6.12 kernels, so you need to manually uninstall excess kernels when needed to save space - like you did for any kernels before rok was introduced with Mageia 9.  Or, '''make it work''' by adding to {{file|/etc/remove-old-kernels.cfg}}: In the list under the line "LISTK=\", add <br> kernel-stable-desktop <br> kernel-stable-desktop-devel <br> kernel-stable-source '''Remove-Old-Kernels''', {{prog|rok}}, do currently not see nor handle 6.12 kernels, so you need to manually uninstall excess kernels when needed to save space - like you did for any kernels before rok was introduced with Mageia 9.  Or, '''make it work''' by adding to {{file|/etc/remove-old-kernels.cfg}}: In the list under the line "LISTK=\", add <br> kernel-stable-desktop <br> kernel-stable-desktop-devel <br> kernel-stable-source Line 99: Line 99:  Note that it is not guaranteed that all series cover all architectures and flavours. For some series, the build may be limited to a single architecture (e.g., x86_64) and single flavour (e.g., desktop), or new flavours may emerge (e.g., desktop-tunedv3 for x86_64-v3). Note that it is not guaranteed that all series cover all architectures and flavours. For some series, the build may be limited to a single architecture (e.g., x86_64) and single flavour (e.g., desktop), or new flavours may emerge (e.g., desktop-tunedv3 for x86_64-v3).    −'''WARNING:''' Avoid running too fresh kernels on any kind of production system, especially kernels that are still rc versions, release candidates. If you run them to test anyway, please monitor the Linux kernel mailing list and be aware that there is a strong likelihood of bugs that will cause data corruption or other severe issues.+'''WARNING:''' Avoid running too fresh kernels on any kind of production system, especially kernels that are still rc versions, release candidates. If you run them to test anyway, please monitor the Linux kernel mailing list and be aware that there is a strong likelihood of bugs that will cause data corruption or other severe issues. So now even more important that you have backups of your data.     '''TIP:''' Have more than one series installed, to have something to fall back to. '''TIP:''' Have more than one series installed, to have something to fall back to.    −As an example, on August 28 2025 we had the following kernels in Cauldron:+As an example, on September 8, 2025 we had the following kernels in Cauldron: −* kernel-mainline -> 6.17.0-rc3 (x86_64, desktop only)+* kernel-mainline -> 6.17.0-rc4 (x86_64, desktop only)  * kernel-stable-testing -> 6.16.2 (x86_64, desktop only) * kernel-stable-testing -> 6.16.2 (x86_64, desktop only)  ** ''(kernel-stablenew -> 6.15.7 (x86_64, desktop only) - this series gets obsoleted in favour of kernel-stable-testing.)'' ** ''(kernel-stablenew -> 6.15.7 (x86_64, desktop only) - this series gets obsoleted in favour of kernel-stable-testing.)''  * kernel-stable -> 6.15.11 (x86_64, desktop only) * kernel-stable -> 6.15.11 (x86_64, desktop only) −* kernel -> 6.12.43 (all arches, all flavours)+* kernel -> 6.12.45 (all arches, all flavours)  * kernel-lts -> 6.6.100 (all arches, all flavours) * kernel-lts -> 6.6.100 (all arches, all flavours) Morgano