Lector de Feeds

MGASA-2026-0179 - Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

Mageia Security - 7 Junio, 2026 - 06:10
Publication date: 07 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-48795 Description fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features. References SRPMS 9/core
  • golang-x-crypto-0.45.0-1.mga9
  • golang-x-sys-0.30.0-2.mga9

MGASA-2026-0178 - Updated xdg-dbus-proxy packages fix security vulnerability

Mageia Security - 7 Junio, 2026 - 06:10
Publication date: 07 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-34080 Description A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. References SRPMS 9/core
  • xdg-dbus-proxy-0.1.7-1.mga9

Mageia 10 Veröffentlichungshinweise-de

Wiki Mageia - 6 Junio, 2026 - 19:52

← Older revision Revision as of 18:52, 6 June 2026 Line 633: Line 633:     Diese Kategorie enthält die folgenden Pakete, alphabetisch: Diese Kategorie enthält die folgenden Pakete, alphabetisch:  +* bookworm Psyca
Categorías: Wiki de Mageia

MGASA-2026-0176 - Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities

Mageia Security - 6 Junio, 2026 - 06:36
Publication date: 06 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27551 , CVE-2025-27552 Description The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm (CVE-2025-27551) DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm (CVE-2025-27552) References SRPMS 9/core
  • perl-DBIx-Class-EncodedColumn-0.110.0-1.mga9
  • perl-Crypt-URandom-Token-0.005-1.mga9

Mageia 10 Release Notes

Wiki Mageia - 5 Junio, 2026 - 20:16

‎With removal on upgrade: add bookworm

← Older revision Revision as of 19:16, 5 June 2026 Line 720: Line 720:  This category contains the following packages, alphabetically: This category contains the following packages, alphabetically:    −*+* bookworm        <!-- More? --> <!-- More? --> Katnatek
Categorías: Wiki de Mageia

MGASA-2026-0175 - Updated cockpit packages fix security vulnerabilities

Mageia Security - 5 Junio, 2026 - 18:37
Publication date: 05 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-4802 , CVE-2026-4631 , CVE-2026-4800 Description CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability. CVE-2026-4800, lodash vulnerable to Code Injection via `_.template` imports key names CVE-2026-4802, A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise. References SRPMS 9/core
  • cockpit-356.2-1.mga9

MGASA-2026-0174 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities

Mageia Security - 5 Junio, 2026 - 18:37

MGAA-2026-0033 - Updated drakxtools packages fix bug

Mageia Security - 5 Junio, 2026 - 18:37
Publication date: 05 Jun 2026
Type: bugfix
Affected Mageia releases : 9
Description Closing windows of applications launched from Mageia Control Center (aka MCC) should return to the main MCC window; currently that does not happen. This update fixes the reported issue. References SRPMS 9/core
  • drakxtools-18.66.1-1.mga9

Medidas para proteger nuestros servicios web

Blog de Mageia-ES - 5 Junio, 2026 - 11:27

Como muchos servicios en el mundo del software, nuestros servicios están sujetos a solicitudes automatizadas disruptivas que sobrecargan nuestros servidores. Es posible que hayas notado esto en forma de importantes retrasos en la carga o incluso que los servicios dejen de estar disponibles.

Por ello, hemos implementado un sistema de seguridad durante los últimos días que nos permite rechazar las solicitudes que consideramos inapropiadas. Este sistema requiere específicamente la ejecución de un programa JavaScript, lo que frustra una cantidad significativa de bots. Es posible que vea aparecer brevemente la siguiente pantalla.

La infraestructura que hemos implementado nos permite restaurar un nivel muy alto de disponibilidad del servicio. También nos permitirá realizar ajustes fácilmente.

Sin embargo, si nota que ciertas características se ven afectadas por estas medidas, háganoslo saber, ya que esto nos permitirá realizar ajustes más precisos.

Categorías: Blogs Oficiales

Mageia 10 Veröffentlichungshinweise-de

Wiki Mageia - 5 Junio, 2026 - 07:26

← Older revision Revision as of 06:26, 5 June 2026 Line 366: Line 366:     === Internetanwendungen === === Internetanwendungen === −* Der Chromium-Browser wurde entfernt, wegen zu viel Arbeit zur Pflege <!--#33609--> Falls Sie diesen benötigen, installieren Sie diesen als [[Flatpak-de|Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, oder Chrome Flatpak. Verwenden Sie alternativ die von Google bereitgestellte RPM von Chrome.+* Der Chromium-Browser wurde entfernt, wegen zu viel Arbeit zur Pflege <!--#33609--> Falls Sie diesen benötigen, installieren Sie diesen als [[Flatpak-de|Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, oder Chrome Flatpak. Verwenden Sie alternativ die von [[Google_Chrome-de|Google bereitgestellte RPM von Chrome]].  * Firefox wurde auf 140 ESR aktualisiert** * Firefox wurde auf 140 ESR aktualisiert**  * Wir haben Browser für das Gemini Protokoll hinzugefügt: Lagrange (SDL), Kristall (Qt), Offpunk (CLI) * Wir haben Browser für das Gemini Protokoll hinzugefügt: Lagrange (SDL), Kristall (Qt), Offpunk (CLI) Psyca
Categorías: Wiki de Mageia

Kernel-Arten-de

Wiki Mageia - 5 Junio, 2026 - 07:26

← Older revision Revision as of 06:26, 5 June 2026 Line 71: Line 71:  '''Für Mageia 9'''<br> '''Für Mageia 9'''<br>    −Kernel 6.18.4 wird seit Januar 2026 in den core backport Repositorien (6.18.26 in den backport Repositorien seit Mai 2026) für die x86 Architektur, für Desktop und Server, sowie als gleiche Arten für i586 und desktop586, angeboten.<br>+Kernel 6.18 wird seit Januar 2026 in den core backport Repositorien (6.18.33 seit Juni 2026) für die x86 Architektur, für Desktop und Server, sowie als gleiche Arten für i586 und desktop586, angeboten.<br>  Für aarch64 und armv7hl bieten wir aktuell nur die Pakete für den Quellcode und die Dokumentation.<br> Für aarch64 und armv7hl bieten wir aktuell nur die Pakete für den Quellcode und die Dokumentation.<br>  Sie finden auch Kernel 6.12.60 für alle Architekturen für den Desktop im core backport Repository '' - Beachten Sie, dass dieser sicherheitstechnisch alt ist, aber Sie möchten diesen gegebenenfalls zum ''testen'' verwenden, falls 6.18 nicht mit Ihrem System kompatibel ist.''<br> Sie finden auch Kernel 6.12.60 für alle Architekturen für den Desktop im core backport Repository '' - Beachten Sie, dass dieser sicherheitstechnisch alt ist, aber Sie möchten diesen gegebenenfalls zum ''testen'' verwenden, falls 6.18 nicht mit Ihrem System kompatibel ist.''<br> Psyca
Categorías: Wiki de Mageia

Mageia 10 Release Notes

Wiki Mageia - 5 Junio, 2026 - 07:22

fix broken link

← Older revision Revision as of 06:22, 5 June 2026 Line 421: Line 421:     === Internet apps === === Internet apps === −* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [https://wiki.mageia.org/en/Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google].  +* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [[Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google]].    * Firefox has been updated to 140 ESR** * Firefox has been updated to 140 ESR**  * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). Psyca
Categorías: Wiki de Mageia

Kernel flavours

Wiki Mageia - 4 Junio, 2026 - 22:10

‎Backport kernels: 6.18.33 now.

← Older revision Revision as of 21:10, 4 June 2026 Line 79: Line 79:     '''In Mageia 9'''<br> '''In Mageia 9'''<br> −Kernel 6.18.4 is provided since January 2026 in the core backport repository (6.18.26 in backport_testing May 2026) for x86_64 in desktop and server flavour, and for i586 the same plus desktop586.<br>+Kernel 6.18 is provided since January 2026 in the core backport repository (at 6.18.33 in june) for x86_64 in desktop and server flavour, and for i586 the same plus desktop586.<br>  For aarch64 and armv7hl we currently only provide source and doc packages. <br> For aarch64 and armv7hl we currently only provide source and doc packages. <br>  You also find kernel 6.12.60 for all architectures in desktop flavour in core backort testing repository ''- note that it is old security wise now but you may like to test it if 6.18 is not compatible for your use.''<br> You also find kernel 6.12.60 for all architectures in desktop flavour in core backort testing repository ''- note that it is old security wise now but you may like to test it if 6.18 is not compatible for your use.''<br> Morgano
Categorías: Wiki de Mageia

Mageia 10 Release Notes

Wiki Mageia - 4 Junio, 2026 - 15:01

‎Internet apps

← Older revision Revision as of 14:01, 4 June 2026 Line 421: Line 421:     === Internet apps === === Internet apps === −* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or use the Chrome RPM from Google.  +* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [https://wiki.mageia.org/en/Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google].    * Firefox has been updated to 140 ESR** * Firefox has been updated to 140 ESR**  * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). Baud
Categorías: Wiki de Mageia

MGASA-2026-0172 - Updated lxc packages fix security vulnerability

Mageia Security - 4 Junio, 2026 - 06:19
Publication date: 04 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-39402 Description CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion References SRPMS 9/core
  • lxc-5.0.3-1.1.mga9

MGAA-2026-0032 - Updated ceph packages fix bug

Mageia Security - 4 Junio, 2026 - 06:19
Publication date: 04 Jun 2026
Type: bugfix
Affected Mageia releases : 9
Description Updated ceph packages matching upstream bug fix release for the "Relief" branch References SRPMS 9/core
  • ceph-18.2.8-1.mga9

Measures to protect our web services.

Blog de Mageia (English) - 2 Junio, 2026 - 16:49

Like many services in the software world, our services are subject to disruptive automated requests that overload our servers. You may have noticed this in the form of significant loading delays or even services becoming unavailable.

We have therefore implemented a security system over the past few days that allows us to reject requests we deem inappropriate. This system specifically requires the execution of a JavaScript program, which thwarts a significant number of bots. You may see the following screen appear briefly.

The infrastructure we’ve put in place allows us to restore a very high level of service availability. It will also enable us to make adjustments easily.

However, if you notice that certain features are affected by these measures, please let us know, as this will allow us to make more precise adjustments.

Categorías: Blogs Oficiales

MGASA-2026-0171 - Updated libcaca packages fix security vulnerability

Mageia Security - 2 Junio, 2026 - 06:23
Publication date: 02 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-42046 Description Heap OOB write in canvas import functions caused by int overflow. (CVE-2026-42046) References SRPMS 9/core
  • libcaca-0.99-0.beta19.11.1.mga9
Feed