Lector de Feeds

MGASA-2026-0191 - Updated libxmp packages fix security vulnerabilities

Mageia Security - 10 Junio, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-45676 , CVE-2023-45677 , CVE-2023-45679 , CVE-2023-45680 , CVE-2023-45681 , CVE-2023-45682 , CVE-2025-47256 Description CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit() CVE-2023-45680: Null pointer dereference in vorbis_deinit() CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder() CVE-2023-45677: Heap buffer out of bounds write in start_decoder() CVE-2023-45682: Wild address read in vorbis_decode_packet_rest() CVE-2025-47256 stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file. References SRPMS 9/core
  • libxmp-4.5.0-2.1.mga9

MGASA-2026-0190 - Updated golang-x-net packages fix security vulnerability

Mageia Security - 10 Junio, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45338 Description CVE-2024-45338 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. References SRPMS 9/core
  • golang-x-net-0.7.0-2.1.mga9

MGASA-2026-0189 - Updated libssh packages fix security vulnerabilities

Mageia Security - 10 Junio, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4877 , CVE-2025-4878 , CVE-2025-5318 , CVE-2025-5351 , CVE-2025-5372 , CVE-2025-5449 , CVE-2025-5987 Description CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekey_from_file() CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 ssh_kdf() returns a success code on certain failures CVE-2025-5449 Likely read beyond bounds in sftp server message decoding CVE-2025-5987 Invalid return code for chacha20 poly1305 with OpenSSL backend References SRPMS 9/core
  • libssh-0.10.6-1.1.mga9

MGASA-2026-0188 - Updated jq packages fix security vulnerabilities

Mageia Security - 10 Junio, 2026 - 06:07
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-23337 , CVE-2025-48060 , CVE-2026-32316 , CVE-2026-39979 , CVE-2026-33948 , CVE-2026-33947 , CVE-2026-39956 , CVE-2026-40164 Description An integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. (CVE-2024-23337) It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-32316) It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947) It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-33948) It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2026-39956) It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979) It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-40164) A heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz); (CVE-2025-48060) Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by x00 and arbitrary suffix compiles and executes as only the prefix before the NUL. This leaves jq with a post-CVE-2026-33948 prefix/full-buffer mismatch on the compilation path even though the JSON parser path has already been fixed. (CVE-2026-41256) The ordinary module loader recurses without cycle detection when two otherwise valid modules include each other (CVE-2026-44777) References SRPMS 9/core
  • jq-1.6-3.1.mga9

MGASA-2026-0184 - Updated wireshark packages fix security vulnerabilities

Mageia Security - 10 Junio, 2026 - 01:39
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-11596 , CVE-2024-9781 , CVE-2025-11626 , CVE-2025-13499 , CVE-2025-13945 , CVE-2025-13946 , CVE-2025-1492 , CVE-2025-5601 , CVE-2025-9817 , CVE-2026-0960 , CVE-2026-5405 , CVE-2026-5653 , CVE-2026-6529 , CVE-2026-6530 , CVE-2026-6867 , CVE-2026-6868 , CVE-2026-6869 , CVE-2026-6870 , CVE-2026-7376 , CVE-2026-7378 , CVE-2026-7379 Description Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer, which could result in denial of service or the execution of arbitrary code. This update fixes the reported issue. References SRPMS 9/core
  • wireshark-4.0.17-1.2.mga9

MGASA-2026-0183 - Updated freeciv packages fix security vulnerabilities

Mageia Security - 10 Junio, 2026 - 01:39
Publication date: 10 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33250 Description CVE-2026-33250, freeciv crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine References SRPMS 9/core
  • freeciv-3.0.7-1.2.mga9

Mageia 10 Release Notes

Wiki Mageia - 9 Junio, 2026 - 21:19

‎Artwork: mageia-theme-extra information

← Older revision Revision as of 20:19, 9 June 2026 Line 65: Line 65:     For the main screensavers, we have chosen an image size of 3840×2160 and the JXL format, allowing them to look great on modern 2K and even 4K monitors, while maintaining a disk space footprint similar to those included in Mageia 9, which used lower resolutions and the JPG format. For the main screensavers, we have chosen an image size of 3840×2160 and the JXL format, allowing them to look great on modern 2K and even 4K monitors, while maintaining a disk space footprint similar to those included in Mageia 9, which used lower resolutions and the JPG format.  +  +Remember that we have the {{prog|mageia-theme-extra}} package with some additional backgrounds including some of the previous signature backgrounds for mageia.     == Major developments == == Major developments == Katnatek
Categorías: Wiki de Mageia

MGASA-2026-0181 - Updated suricata packages fix security vulnerabilities

Mageia Security - 9 Junio, 2026 - 06:29
Publication date: 09 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45797 , CVE-2024-47187 , CVE-2024-47188 , CVE-2024-47522 , CVE-2024-45795 , CVE-2024-45796 , CVE-2024-55605 , CVE-2024-55626 , CVE-2024-55627 , CVE-2024-55628 , CVE-2024-55629 , CVE-2025-29916 , CVE-2025-29917 , CVE-2025-29918 Description Various security, performance, accuracy, and stability issues have been fixed, plus we have moved to a supported version. References SRPMS 9/core
  • suricata-7.0.10-1.mga9

QA ISO testers

Wiki Mageia - 7 Junio, 2026 - 21:25

‎For Qa team:: added doktor5000

← Older revision Revision as of 20:25, 7 June 2026 Line 129: Line 129:     * Flavianoep - Flaviano Matos -  pehteimoso-bugzilla at yahoo dot com * Flavianoep - Flaviano Matos -  pehteimoso-bugzilla at yahoo dot com  +  +* doktor5000 - Florian Hubold - doktor5000 at arcor dot de Doktor5000
Categorías: Wiki de Mageia
Feed