Lector de Feeds

Publication date: 09 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-15269 , CVE-2025-15270 , CVE-2025-15275 , CVE-2025-15279 Description FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. (CVE-2025-15269) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. (CVE-2025-15270) FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15275) FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15279) References

• https://bugs.mageia.org/show_bug.cgi?id=35091
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NFM3OPUTYR55GA65K3XOPK3FXAH7EWEJ/
• https://github.com/advisories/GHSA-hp8x-4h95-9799
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15269
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15270
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15275
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15279

SRPMS 9/core

• fontforge-20220308-2.2.mga9

Publication date: 09 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-1642 Description MitM injection. (CVE-2026-1642) References

• https://bugs.mageia.org/show_bug.cgi?id=35104
• https://www.openwall.com/lists/oss-security/2026/02/05/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642

SRPMS 9/core

• nginx-1.26.3-1.2.mga9

← Older revision Revision as of 18:35, 9 February 2026 Line 9: Line 9:  | style="width:46%; font-size:102%; background-color: #fefefe; border-radius:12px; border: 4px solid darkgray; box-shadow: 4px 6px 4px rgba(0,0,0,0.3);"| | style="width:46%; font-size:102%; background-color: #fefefe; border-radius:12px; border: 4px solid darkgray; box-shadow: 4px 6px 4px rgba(0,0,0,0.3);"|  [[File:Wiki_main_box_one_v005.png|150px|right|link=]] [[File:Wiki_main_box_one_v005.png|150px|right|link=]] −'''Versión Actual'''<br>+'''Versión Actual'''<br>Mageia_10_Desarrollo  <small>''Tiempo de Soporte: hasta 3 meses después de la salida de la siguiente versión''</small> <small>''Tiempo de Soporte: hasta 3 meses después de la salida de la siguiente versión''</small>  * [[Notas sobre Mageia 9-es|Notas sobre Mageia 9]] * [[Notas sobre Mageia 9-es|Notas sobre Mageia 9]] Line 20: Line 20:  '''Desarrollo de la distribución'''<br> '''Desarrollo de la distribución'''<br>  <small>''Nuevas versiones de Mageia''</small> <small>''Nuevas versiones de Mageia''</small> −* [[Mageia_10_Development|Calendario de desarrollo]]+* [[Mageia_10_Desarrollo|Calendario de desarrollo]]  * [[Política de características|Política para proponer características]]   * [[Política de características|Política para proponer características]]    * [[:Category:ProposedFeatureMageia10|Información técnica de las características propuestas]] * [[:Category:ProposedFeatureMageia10|Información técnica de las características propuestas]] Joselp

← Older revision Revision as of 18:32, 9 February 2026 (One intermediate revision by the same user not shown)Line 45: Line 45:  |    |     |-   |-   −| '''[[Mageia_9_Release_Notes|Versión final]]'''+| '''[[Notas_sobre_Mageia_10|Versión final]]'''  | Candidato de lanzamiento 1 + 4 semanas | Candidato de lanzamiento 1 + 4 semanas  | alguien | alguien Joselp

Joselp moved page Notas sobre Mageia 10-es to Notas sobre Mageia 10 Language in Tittle

← Older revision Revision as of 18:29, 9 February 2026 (2 intermediate revisions by the same user not shown)Line 5: Line 5:  <!-- disable this so it's not in release note of isos medias--> <!-- disable this so it's not in release note of isos medias-->    −{{multi language banner-es|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ;[[Notas sobre Mageia 10-es|Español]]}}+{{multi language banner|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ;[[Notas sobre Mageia 10|Español]]}}     {{draft-es}} {{draft-es}} Joselp

← Older revision Revision as of 18:23, 9 February 2026 (4 intermediate revisions by the same user not shown)Line 21: Line 21:  |-   |-    | '''Alfa 1''' | '''Alfa 1''' −| 2024-09-23+| 2025-12-05  | desarrolladores, empaquetadores | desarrolladores, empaquetadores −|  +| 2025-12-09 para QA, 2026-01-10 al público  |- |-  | Congelación de versiones | Congelación de versiones −| 2024-10-07+| 2026-01-18  | desarrolladores, empaquetadores | desarrolladores, empaquetadores −| +| 2026-01-20  |- |- −| '''Beta 1'''+| '''Beta''' −| 2024-10-07+| 2026-02-08 −| desarrolladores, empaquetadores  −|    −|-   −| '''Beta 2'''  −| 2024-10-21   | desarrolladores, empaquetadores | desarrolladores, empaquetadores  |    |     |-   |-    | Congelación de lanzamiento | Congelación de lanzamiento −| Por determinar+| 2026-03-01  | Control de calidad, empaquetadores, creador de ISO | Control de calidad, empaquetadores, creador de ISO  |    |    Joselp

‎2. On each Puppet Agent

← Older revision Revision as of 14:33, 9 February 2026 (5 intermediate revisions by the same user not shown)Line 24: Line 24:       # Backup the existing PKI:        # Backup the existing PKI:         mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)   −    +      −    # Remove the old PKI:   −    mkdir /var/lib/puppet/ssl  −    chown puippet:puppet /var/lib/puppet/ssl/  −    chmod 775 /var/lib/puppet/ssl/  −            # Generate a new CA and master certificate:        # Generate a new CA and master certificate:         puppet cert generate $(hostname -f) --ca      puppet cert generate $(hostname -f) --ca Line 39: Line 34:     Remove the local SSL certificates: Remove the local SSL certificates: − + −     # Stop puppet agent+     # Rename old ssl −    systemctl stop puppet  −      −    # Remove old ssl        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)   −    mkdir /var/lib/puppet/ssl  −    chown puippet:puppet /var/lib/puppet/ssl/  −    chmod 775 /var/lib/puppet/ssl/                 −     # Start puppet agent+     # Start puppet once to generate a SSL cert request −     systemctl start puppet+     puppet agent --server puppet.mageia.org --no-daemonize --verbose --waitforcert 60     === 3. Back on Puppet Master === === 3. Back on Puppet Master === Line 60: Line 49:       puppet cert sign <agent_hostname>      puppet cert sign <agent_hostname>    −=== 4. On each Puppet Agent ===+=== 4. Verification === −   −    # Re-run Puppet on the agent:  −    systemctl restart puppet  −   −=== 5. Verification ===      On the master: On the master: Wally

Add Puppet link

← Older revision Revision as of 23:05, 8 February 2026 Line 29: Line 29:       # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/openldap/ldap.mageia.org.pem -out /etc/ssl/openldap/ldap.mageia.org.pem -subj '/CN=ldap.mageia.org'      # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/openldap/ldap.mageia.org.pem -out /etc/ssl/openldap/ldap.mageia.org.pem -subj '/CN=ldap.mageia.org'     += Puppet certificates =  +  +See [[Puppet_re-newing_CA_&_Certs]].     = Wild card certificate = = Wild card certificate = Danf

Describe {media}{bootloader_entries}{message} key (coming in v1.23)

← Older revision Revision as of 21:17, 8 February 2026 (One intermediate revision by the same user not shown)Line 550: Line 550:     <div style="padding-left: 3em;"> <div style="padding-left: 3em;">  +  +{{cmd|message}} (optional)  +  +:({{prog|draklive2}} v1.23 or later)  +  +:An arbitrary string specifying the message that will be briefly displayed after the menu entry is selected. This is displayed using the GRUB2 {{cmd|echo}} command just before executing the following GRUB2 command.  +  +:If not specified, no message will be displayed.     {{cmd|command}} (optional) {{cmd|command}} (optional) Line 584: Line 592:     :If not specified, {{prog|draklive2}} will use {{prog|grub2-mkimage}} to build the El Torito boot loader image. :If not specified, {{prog|draklive2}} will use {{prog|grub2-mkimage}} to build the El Torito boot loader image.  +  +===== {{cmd|iso_level}} (optional) =====  +  +:({{prog|draklive2}} v1.22 or later)  +  +:A number specifying the ISO 9660 conformance level for the iso9660 filesystem. This should be an integer number between 1 and 3. Level 3 allows the {{file|/loopbacks.distrib.sqfs}} file size to exceed 4GB.  +  +:If not specified, a level 3 iso9660 filesystem will be created.     ===== {{cmd|iso_part_start}} (optional) ===== ===== {{cmd|iso_part_start}} (optional) ===== Martinw

Maat moved page Puppet REeewing Certs to Puppet re-newing CA & Certs Just renaming

New page

'''Nota : Last update 8 feb 2026 -> Next renewal before feb 2031'''

= Puppet 2/3 PKI Management =

== Context ==

Puppet v2/v3 does not support automatic CA renewal.

The Puppet CA certificate has a limited lifespan (typically ~5 years by default).

Before or after expiration, the procedure is the same: regenerate the full PKI (master + agents).

Operational difference:
Before expiration → planned maintenance, minimal disruption.
After expiration → agents stop communicating, urgent manual intervention required.

== CA / PKI Rotation Procedure ==

=== 1. On the Puppet Master ===

# Stop the Puppet service:
service puppetmaster stop

# Backup the existing PKI:
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)

# Remove the old PKI:
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Generate a new CA and master certificate:
puppet cert generate $(hostname -f) --ca

# Restart the Puppet service:
service puppetmaster start

=== 2. On each Puppet Agent ===

Remove the local SSL certificates:

# Stop puppet agent
systemctl stop puppet

# Remove old ssl
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Start puppet agent
systemctl start puppet

=== 3. Back on Puppet Master ===

# On the master, list unsigned agent certificates
puppet cert list

# Sign agent certificates:
puppet cert sign <agent_hostname>

=== 4. On each Puppet Agent ===

# Re-run Puppet on the agent:
systemctl restart puppet

=== 5. Verification ===

On the master:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -dates

On each agent:

puppet agent -t --verbose

Expected outcome: Puppet applies the catalog without SSL errors.

== Best Practices ==

Monitor CA expiration with:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -enddate

Schedule rotation before expiration (e.g., 90 days prior).

Backup the entire /var/lib/puppet/ssl directory before any changes.

Ensure master hostname (FQDN) and system time are correct.

[[Category:Sysadmin]] Maat

Puppet CA & Certs renewal every 5 year

New page

'''Nota : Last update 8 feb 2026 -> Next renewal before feb 2031'''

= Puppet 2/3 PKI Management =

== Context ==

Puppet v2/v3 does not support automatic CA renewal.

The Puppet CA certificate has a limited lifespan (typically ~5 years by default).

Before or after expiration, the procedure is the same: regenerate the full PKI (master + agents).

Operational difference:
Before expiration → planned maintenance, minimal disruption.
After expiration → agents stop communicating, urgent manual intervention required.

== CA / PKI Rotation Procedure ==

=== 1. On the Puppet Master ===

# Stop the Puppet service:
service puppetmaster stop

# Backup the existing PKI:
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)

# Remove the old PKI:
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Generate a new CA and master certificate:
puppet cert generate $(hostname -f) --ca

# Restart the Puppet service:
service puppetmaster start

=== 2. On each Puppet Agent ===

Remove the local SSL certificates:

# Stop puppet agent
systemctl stop puppet

# Remove old ssl
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Start puppet agent
systemctl start puppet

=== 3. Back on Puppet Master ===

# On the master, list unsigned agent certificates
puppet cert list

# Sign agent certificates:
puppet cert sign <agent_hostname>

=== 4. On each Puppet Agent ===

# Re-run Puppet on the agent:
systemctl restart puppet

=== 5. Verification ===

On the master:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -dates

On each agent:

puppet agent -t --verbose

Expected outcome: Puppet applies the catalog without SSL errors.

== Best Practices ==

Monitor CA expiration with:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -enddate

Schedule rotation before expiration (e.g., 90 days prior).

Backup the entire /var/lib/puppet/ssl directory before any changes.

Ensure master hostname (FQDN) and system time are correct.

[[Category:Sysadmin]] Maat