Lector de Feeds
MGASA-2026-0179 - Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-48795 Description fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features. References
- https://bugs.mageia.org/show_bug.cgi?id=32674
- https://www.openwall.com/lists/oss-security/2023/12/18/3
- https://www.openwall.com/lists/oss-security/2023/12/19/5
- https://www.openwall.com/lists/oss-security/2023/12/20/3
- https://www.cve.org/CVERecord?id=CVE-2023-48795
- golang-x-crypto-0.45.0-1.mga9
- golang-x-sys-0.30.0-2.mga9
MGASA-2026-0178 - Updated xdg-dbus-proxy packages fix security vulnerability
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-34080 Description A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar cases. References
- https://bugs.mageia.org/show_bug.cgi?id=35347
- https://www.openwall.com/lists/oss-security/2026/04/10/15
- https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677
- https://www.cve.org/CVERecord?id=CVE-2026-34080
- xdg-dbus-proxy-0.1.7-1.mga9
Mageia 10 Veröffentlichungshinweise-de
MGASA-2026-0177 - Updated kernel-linus packages fix security vulnerabilities
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43491 , CVE-2026-43492 , CVE-2026-43493 , CVE-2026-43495 , CVE-2026-43496 , CVE-2026-43497 , CVE-2026-43499 , CVE-2026-43501 , CVE-2026-43502 , CVE-2026-43503 , CVE-2026-46300 , CVE-2026-46333 Description Vanilla upstream kernel version 6.6.141 fixes vulnerabilities. For information about the vulnerabilities see the links. References
- https://bugs.mageia.org/show_bug.cgi?id=35590
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.139
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.140
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.141
- https://www.cve.org/CVERecord?id=CVE-2026-43491
- https://www.cve.org/CVERecord?id=CVE-2026-43492
- https://www.cve.org/CVERecord?id=CVE-2026-43493
- https://www.cve.org/CVERecord?id=CVE-2026-43495
- https://www.cve.org/CVERecord?id=CVE-2026-43496
- https://www.cve.org/CVERecord?id=CVE-2026-43497
- https://www.cve.org/CVERecord?id=CVE-2026-43499
- https://www.cve.org/CVERecord?id=CVE-2026-43501
- https://www.cve.org/CVERecord?id=CVE-2026-43502
- https://www.cve.org/CVERecord?id=CVE-2026-43503
- https://www.cve.org/CVERecord?id=CVE-2026-46300
- https://www.cve.org/CVERecord?id=CVE-2026-46333
- kernel-linus-6.6.141-1.mga9
MGASA-2026-0176 - Updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security vulnerabilities
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-27551 , CVE-2025-27552 Description The updated perl-DBIx-Class-EncodedColumn and new perl-Crypt-URandom-Token packages fix security issues: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm (CVE-2025-27551) DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm (CVE-2025-27552) References
- https://bugs.mageia.org/show_bug.cgi?id=34215
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZO6ZQ5X5UGT2U2IHHPDXAJUDE27HTUX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTXKJZJLOFULT3WQ46ITSLDFTLG4YKJ2/
- https://www.cve.org/CVERecord?id=CVE-2025-27551
- https://www.cve.org/CVERecord?id=CVE-2025-27552
- perl-DBIx-Class-EncodedColumn-0.110.0-1.mga9
- perl-Crypt-URandom-Token-0.005-1.mga9
Mageia 10 Release Notes
With removal on upgrade: add bookworm
← Older revision Revision as of 19:16, 5 June 2026 Line 720: Line 720: This category contains the following packages, alphabetically: This category contains the following packages, alphabetically: −*+* bookworm <!-- More? --> <!-- More? --> KatnatekMGASA-2026-0175 - Updated cockpit packages fix security vulnerabilities
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-4802 , CVE-2026-4631 , CVE-2026-4800 Description CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability. CVE-2026-4800, lodash vulnerable to Code Injection via `_.template` imports key names CVE-2026-4802, A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise. References
- https://bugs.mageia.org/show_bug.cgi?id=35563
- https://www.openwall.com/lists/oss-security/2026/05/20/19
- https://github.com/cockpit-project/cockpit/releases/tag/339
- https://github.com/cockpit-project/cockpit/releases/tag/340
- https://github.com/cockpit-project/cockpit/releases/tag/341
- https://github.com/cockpit-project/cockpit/releases/tag/341.1
- https://github.com/cockpit-project/cockpit/releases/tag/342
- https://github.com/cockpit-project/cockpit/releases/tag/343
- https://github.com/cockpit-project/cockpit/releases/tag/344
- https://github.com/cockpit-project/cockpit/releases/tag/345
- https://github.com/cockpit-project/cockpit/releases/tag/346
- https://github.com/cockpit-project/cockpit/releases/tag/347
- https://github.com/cockpit-project/cockpit/releases/tag/348
- https://github.com/cockpit-project/cockpit/releases/tag/349
- https://github.com/cockpit-project/cockpit/releases/tag/350
- https://github.com/cockpit-project/cockpit/releases/tag/351
- https://github.com/cockpit-project/cockpit/releases/tag/352
- https://github.com/cockpit-project/cockpit/releases/tag/353
- https://github.com/cockpit-project/cockpit/releases/tag/353.1
- https://github.com/cockpit-project/cockpit/releases/tag/354
- https://github.com/cockpit-project/cockpit/releases/tag/355
- https://github.com/cockpit-project/cockpit/releases/tag/356
- https://github.com/cockpit-project/cockpit/releases/tag/356.1
- https://github.com/cockpit-project/cockpit/releases/tag/356.2
- https://github.com/advisories/GHSA-rq49-h582-83m7
- https://github.com/advisories/GHSA-r5fr-rjxr-66jc
- https://github.com/advisories/GHSA-3wjm-5g86-c6p3
- https://www.cve.org/CVERecord?id=CVE-2026-4802
- https://www.cve.org/CVERecord?id=CVE-2026-4631
- https://www.cve.org/CVERecord?id=CVE-2026-4800
- cockpit-356.2-1.mga9
MGASA-2026-0174 - Updated kernel, kmod-virtualbox & kmod-xtables-addons packages fix security vulnerabilities
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-43491 , CVE-2026-43492 , CVE-2026-43493 , CVE-2026-43495 , CVE-2026-43496 , CVE-2026-43497 , CVE-2026-43499 , CVE-2026-43501 , CVE-2026-43502 , CVE-2026-43503 , CVE-2026-46300 , CVE-2026-46333 Description Upstream kernel version 6.6.141 fixes vulnerabilities. The kmod-virtualbox & kmod-xtables-addons packages have been updated to work with this new kernel. References
- https://bugs.mageia.org/show_bug.cgi?id=35579
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.139
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.140
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.141
- https://www.cve.org/CVERecord?id=CVE-2026-43491
- https://www.cve.org/CVERecord?id=CVE-2026-43492
- https://www.cve.org/CVERecord?id=CVE-2026-43493
- https://www.cve.org/CVERecord?id=CVE-2026-43495
- https://www.cve.org/CVERecord?id=CVE-2026-43496
- https://www.cve.org/CVERecord?id=CVE-2026-43497
- https://www.cve.org/CVERecord?id=CVE-2026-43499
- https://www.cve.org/CVERecord?id=CVE-2026-43501
- https://www.cve.org/CVERecord?id=CVE-2026-43502
- https://www.cve.org/CVERecord?id=CVE-2026-43503
- https://www.cve.org/CVERecord?id=CVE-2026-46300
- https://www.cve.org/CVERecord?id=CVE-2026-46333
- kernel-6.6.141-1.mga9
- kmod-virtualbox-7.1.18-20.mga9
- kmod-xtables-addons-3.24-92.mga9
MGASA-2026-0173 - Updated xmlrpc-c packages fix security vulnerabilities
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-25236 , CVE-2022-25313 , CVE-2022-25314 , CVE-2022-25315 , CVE-2022-40674 , CVE-2022-43680 Description This update fixes the vulnerabilities by no longer building with the vulnerable bundled libexpat version. References
- https://bugs.mageia.org/show_bug.cgi?id=31123
- https://www.cve.org/CVERecord?id=CVE-2022-25236
- https://www.cve.org/CVERecord?id=CVE-2022-25313
- https://www.cve.org/CVERecord?id=CVE-2022-25314
- https://www.cve.org/CVERecord?id=CVE-2022-25315
- https://www.cve.org/CVERecord?id=CVE-2022-40674
- https://www.cve.org/CVERecord?id=CVE-2022-43680
- xmlrpc-c-1.51.08-1.1.mga9
MGAA-2026-0033 - Updated drakxtools packages fix bug
Type: bugfix
Affected Mageia releases : 9
Description Closing windows of applications launched from Mageia Control Center (aka MCC) should return to the main MCC window; currently that does not happen. This update fixes the reported issue. References SRPMS 9/core
- drakxtools-18.66.1-1.mga9
Medidas para proteger nuestros servicios web
Como muchos servicios en el mundo del software, nuestros servicios están sujetos a solicitudes automatizadas disruptivas que sobrecargan nuestros servidores. Es posible que hayas notado esto en forma de importantes retrasos en la carga o incluso que los servicios dejen de estar disponibles.
Por ello, hemos implementado un sistema de seguridad durante los últimos días que nos permite rechazar las solicitudes que consideramos inapropiadas. Este sistema requiere específicamente la ejecución de un programa JavaScript, lo que frustra una cantidad significativa de bots. Es posible que vea aparecer brevemente la siguiente pantalla.
La infraestructura que hemos implementado nos permite restaurar un nivel muy alto de disponibilidad del servicio. También nos permitirá realizar ajustes fácilmente.
Sin embargo, si nota que ciertas características se ven afectadas por estas medidas, háganoslo saber, ya que esto nos permitirá realizar ajustes más precisos.
Mageia 10 Veröffentlichungshinweise-de
Kernel-Arten-de
Mageia 10 Release Notes
fix broken link
← Older revision Revision as of 06:22, 5 June 2026 Line 421: Line 421: === Internet apps === === Internet apps === −* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [https://wiki.mageia.org/en/Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google]. +* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [[Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google]]. * Firefox has been updated to 140 ESR** * Firefox has been updated to 140 ESR** * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). PsycaKernel flavours
Backport kernels: 6.18.33 now.
← Older revision Revision as of 21:10, 4 June 2026 Line 79: Line 79: '''In Mageia 9'''<br> '''In Mageia 9'''<br> −Kernel 6.18.4 is provided since January 2026 in the core backport repository (6.18.26 in backport_testing May 2026) for x86_64 in desktop and server flavour, and for i586 the same plus desktop586.<br>+Kernel 6.18 is provided since January 2026 in the core backport repository (at 6.18.33 in june) for x86_64 in desktop and server flavour, and for i586 the same plus desktop586.<br> For aarch64 and armv7hl we currently only provide source and doc packages. <br> For aarch64 and armv7hl we currently only provide source and doc packages. <br> You also find kernel 6.12.60 for all architectures in desktop flavour in core backort testing repository ''- note that it is old security wise now but you may like to test it if 6.18 is not compatible for your use.''<br> You also find kernel 6.12.60 for all architectures in desktop flavour in core backort testing repository ''- note that it is old security wise now but you may like to test it if 6.18 is not compatible for your use.''<br> MorganoMageia 10 Release Notes
Internet apps
← Older revision Revision as of 14:01, 4 June 2026 Line 421: Line 421: === Internet apps === === Internet apps === −* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or use the Chrome RPM from Google. +* Chromium-browser have been dropped due to too much maintenance work. <!--#33609--> If you need it, install it as [[Flatpak]]; install app/org.chromium.Chromium/x86_64/stable, or Chrome Flatpak. Or [https://wiki.mageia.org/en/Installing_Google_Chrome_in_Mageia|use the Chrome RPM from Google]. * Firefox has been updated to 140 ESR** * Firefox has been updated to 140 ESR** * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). * We added browsers for Gemini protocol: Lagrange (SDL), Kristall (Qt), Offpunk (CLI). BaudMGASA-2026-0172 - Updated lxc packages fix security vulnerability
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-39402 Description CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion References
- https://bugs.mageia.org/show_bug.cgi?id=35487
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LRWSIWUURCABTGG26SGDYX7OCPQ7FIS7/
- https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq
- https://www.cve.org/CVERecord?id=CVE-2026-39402
- lxc-5.0.3-1.1.mga9
MGAA-2026-0032 - Updated ceph packages fix bug
Type: bugfix
Affected Mageia releases : 9
Description Updated ceph packages matching upstream bug fix release for the "Relief" branch References
- https://bugs.mageia.org/show_bug.cgi?id=35570
- https://ceph.io/en/news/blog/2026/v18-2-8-reef-released/
- ceph-18.2.8-1.mga9
Measures to protect our web services.
Like many services in the software world, our services are subject to disruptive automated requests that overload our servers. You may have noticed this in the form of significant loading delays or even services becoming unavailable.
We have therefore implemented a security system over the past few days that allows us to reject requests we deem inappropriate. This system specifically requires the execution of a JavaScript program, which thwarts a significant number of bots. You may see the following screen appear briefly.
The infrastructure we’ve put in place allows us to restore a very high level of service availability. It will also enable us to make adjustments easily.
However, if you notice that certain features are affected by these measures, please let us know, as this will allow us to make more precise adjustments.
MGASA-2026-0171 - Updated libcaca packages fix security vulnerability
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-42046 Description Heap OOB write in canvas import functions caused by int overflow. (CVE-2026-42046) References
- https://bugs.mageia.org/show_bug.cgi?id=35600
- https://ubuntu.com/security/notices/USN-8318-1
- https://github.com/cacalabs/libcaca/security/advisories/GHSA-4vvg-vrqv-m56w
- https://github.com/cacalabs/libcaca/issues/86
- https://www.cve.org/CVERecord?id=CVE-2026-42046
- libcaca-0.99-0.beta19.11.1.mga9




