Lector de Feeds

MGASA-2026-0170 - Updated assimp packages fix security vulnerabilities

Mageia Security - 2 Junio, 2026 - 06:23
Publication date: 02 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2750 , CVE-2025-2751 , CVE-2025-2757 , CVE-2025-3158 , CVE-2025-3548 , CVE-2025-11277 , CVE-2025-70067 Description CVE-2025-2750,- A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. CVE-2025-2757, A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. CVE-2025-2757, A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. CVE-2025-3158, A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. CVE-2025-3548, A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. CVE-2025-11277, A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. CVE-2025-70067, Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation References SRPMS 9/core
  • assimp-5.2.5-1.mga9

MGASA-2026-0169 - Updated sdl2_sound packages fix security vulnerability

Mageia Security - 2 Junio, 2026 - 06:23
Publication date: 02 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14369 Description Updated packages fix CVE-2025-14369 in bundled dr_flac. References SRPMS 9/core
  • sdl2_sound-1.0.4-0.hg653.7.mga9

MGASA-2026-0168 - Updated tar packages fix security vulnerability

Mageia Security - 2 Junio, 2026 - 06:23
Publication date: 02 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5704 Description A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection. This update fixes the reported issue. References SRPMS 9/core
  • tar-1.35-4.mga9

MGAA-2026-0031 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk fix security vulnerabilities

Mageia Security - 2 Junio, 2026 - 06:23
Publication date: 02 Jun 2026
Type: bugfix
Affected Mageia releases : 9
CVE: CVE-2026-22007 , CVE-2026-22008 , CVE-2026-22013 , CVE-2026-22016 , CVE-2026-22018 , CVE-2026-22021 , CVE-2026-23865 , CVE-2026-34268 , CVE-2026-34282 Description Enhance crypto algorithm support. (CVE-2026-22007) Improved Arena allocations. (CVE-2026-22008) Improve Kerberos credentialing. (CVE-2026-22013) Enhance Path Factories Redux. (CVE-2026-22016) Enhance Zip file reading. (CVE-2026-22018) Enhance certificate chain validation. (CVE-2026-22021) Updating FreeType 2.14.1 . (CVE-2026-23865) Enhance key generation. (CVE-2026-34268) Enhance TLS connection handling. (CVE-2026-34282) References SRPMS 9/core
  • java-1.8.0-openjdk-1.8.0.492.b09-1.mga9
  • java-11-openjdk-11.0.31.0.11-1.mga9
  • java-17-openjdk-17.0.19.0.10-1.mga9
  • java-latest-openjdk-25.0.3.0.9-1.rolling.1.mga9

IsoDumper Writing ISO images on USB sticks

Wiki Mageia - 1 Junio, 2026 - 17:37

‎Interface on Mageia 9

← Older revision Revision as of 16:37, 1 June 2026 Line 52: Line 52:  Results of the checks are reported in the logg. Results of the checks are reported in the logg.    −== Interface on Mageia 9 ==+== Interface on Mageia 9 and later ==  The interface have been redesigned for a clear workflow, from top to bottom: The interface have been redesigned for a clear workflow, from top to bottom:  # Select the device in the top left dropdown.  If you plug in or out devices, press the button at right to update the list. # Select the device in the top left dropdown.  If you plug in or out devices, press the button at right to update the list. Papoteur
Categorías: Wiki de Mageia

Mageia 10 Release Notes

Wiki Mageia - 1 Junio, 2026 - 13:56

‎dnfdragora

← Older revision Revision as of 12:56, 1 June 2026 (One intermediate revision by the same user not shown)Line 161: Line 161:  ===== MageiaWelcome ===== ===== MageiaWelcome =====    −The 'Welcome' screen is an application that is presented to users when booting into a fresh installation of Mageia. It has now been entirely reworked to have a linear approach, with successive steps following in a logical order of important things to know and do post-installation. By default, it will run at each subsequent boot, but this behaviour is optional. Even if the auto-run option is disabled - it can be invoked at any time as an application (mageiawelcome).+The 'Welcome' screen is an application that is presented to users when booting into a fresh installation of Mageia. It has been updated to follow novelties in Mageia 10. By default, it will run at each subsequent boot, but this behaviour is optional. Even if the auto-run option is disabled - it can be invoked at any time as an application (mageiawelcome).     ===== Isodumper ===== ===== Isodumper =====    −[[IsoDumper_Writing_ISO_images_on_USB_sticks|Isodumper]] is a tool to write ISO images on memory devices. The interface has been reworked to allow successive operations to be done in one shot.+[[IsoDumper_Writing_ISO_images_on_USB_sticks|Isodumper]] is a tool to write ISO images on memory devices. The interface has been reworked to allow successive operations to be done in one shot. It now also uses the graphical layer AUI from python-manatools (see below).  +   +   +===== dnfdragora =====  +{{cmd|dnfdragora}} has been extensively reworked. This packages manager now uses the dnf5 libraries. The interface now uses a new graphical abstraction layer AUI provided by python-manatools, which completely replaces the previously used libyui layer.  +   +===== manafirewall =====  +This tool provides a graphical interface for firewalld and allows users to manage firewall zones, services, ports, and rules without touching the command line. It now also uses the graphical layer AUI from python-manatools.  +   +===== python-manatools =====  +This set of services for other tools now provides a graphical abstraction layer, allowing applications that use it to be rendered using Qt6, GTK4, or in text mode (ncurses). This library is entirely written in Python. We hope this will make it easier to maintain and extend its functionality without the constraints of the upstream project.     ===== Docker ===== ===== Docker ===== Line 207: Line 217:     {{prog|dhcpcd}} replaces the obsolete {{prog|dhcp-client}}. {{prog|dhcpcd}} replaces the obsolete {{prog|dhcp-client}}. −Our network configuration tools have been adapted to use {{prog|dhcpcd}} in replace of {{prog|dhcp-client}}+Our network configuration tools have been adapted to use {{prog|dhcpcd}} in replacement of {{prog|dhcp-client}}     ==== dmesg ==== ==== dmesg ==== Papoteur
Categorías: Wiki de Mageia
Feed