Lector de Feeds

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-5091 Description The updated package fixes a security vulnerability: Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. (CVE-2026-5091) References

• https://bugs.mageia.org/show_bug.cgi?id=35569
• https://www.openwall.com/lists/oss-security/2026/05/21/19
• https://metacpan.org/release/ETHER/Catalyst-Plugin-Authentication-0.10_025/changes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5091

SRPMS 9/core

• perl-Catalyst-Plugin-Authentication-0.100.230-12.1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-9256 Description The updated package fixes a security vulnerability: NGINX ngx_http_rewrite_module vulnerability. (CVE-2026-9256) References

• https://bugs.mageia.org/show_bug.cgi?id=35581
• https://www.openwall.com/lists/oss-security/2026/05/22/14
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9256

SRPMS 9/core

• nginx-1.30.2-1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-15649 , CVE-2026-48959 , CVE-2026-48961 , CVE-2026-48962 Description The updated package fixes security vulnerabilities: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. (CVE-2025-15649) IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. (CVE-2026-48959) IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. (CVE-2026-48962) References

• https://bugs.mageia.org/show_bug.cgi?id=35593
• https://www.openwall.com/lists/oss-security/2026/05/27/1
• https://www.openwall.com/lists/oss-security/2026/05/27/2
• https://www.openwall.com/lists/oss-security/2026/05/27/3
• https://www.openwall.com/lists/oss-security/2026/05/27/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15649
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48959
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48961
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48962

SRPMS 9/core

• perl-IO-Compress-2.204.0-1.1.mga9

Publication date: 29 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8450 Description The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). (CVE-2026-8450) References

• https://bugs.mageia.org/show_bug.cgi?id=35594
• https://www.openwall.com/lists/oss-security/2026/05/27/5
• https://metacpan.org/release/OALDERS/HTTP-Daemon-6.17/changes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8450

SRPMS 9/core

• perl-HTTP-Daemon-6.140.0-3.1.mga9

‎Einführung: Use translator to sync with english, please check

← Older revision Revision as of 01:30, 29 May 2026 Line 22: Line 22:  Verwenden eines IRC Clienten, wie zum Beispiel {{prog|hexchat}} : wählen Sie das Netwerk Libera.Chat aus und unter Menü Server > Einem Kanal beitreten > #mageia-irgendwas, aus der unten angezeigten Liste. Verwenden eines IRC Clienten, wie zum Beispiel {{prog|hexchat}} : wählen Sie das Netwerk Libera.Chat aus und unter Menü Server > Einem Kanal beitreten > #mageia-irgendwas, aus der unten angezeigten Liste.    −{{note-de|Versuchen Sie den Link aus dem Desktop Client zu kopieren, einen neuen Tab zu öffnen, den Link dort einzufügen und die '''''//''''' vor der URL zu entfernen und drücken Sie anschließend Enter. Falls dies nicht funktioniert, verwenden Sie einen Webclient Link oder treten Sie einfach einem Kanal über Ihren IRC Clienten bei.}}+{{note-de|Die Desktop-Links funktionieren in Firefox nicht. Verwende stattdessen die Webclient-Links oder verbinde dich einfach über deinen IRC-Client mit einem Kanal.}}     == Projektweite Kanäle == == Projektweite Kanäle == Katnatek

the mitre links need to be replaced

New page

The Endnotes need to be updated:

<span id="35">35 https://cve.mitre.org/</span> redirects to https://www.cve.org/

<span id="36">36 https://cve.mitre.org/cve/cna.html</span> redirects to https://www.cve.org/PartnerInformation/ListofPartners

<span id="37">37 https://cve.mitre.org/about/faqs.html#c3</span> redirects to https://www.cve.org/Resources/Media/Archives/OldWebsite/index.html#c3

What are the span ids used for?

Can 35 and 36 get the new link and 37 be removed?

--[[User:Marja|marja]] ([[User talk:Marja|talk]]) 20:36, 28 May 2026 (UTC) Marja

Sync with English version

← Older revision Revision as of 18:49, 28 May 2026 Line 4: Line 4:  <!-- disable this so it's not in release note of isos medias--> <!-- disable this so it's not in release note of isos medias-->    −{{TranslationOverview-es|Mageia 10 Release Notes|02/05/2026|65168}}+{{TranslationOverview-es|Mageia 10 Release Notes|28/05/2026|65324}}     {{multi language banner-es|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ; [[Notas sobre Mageia 10-es|Español]]}} {{multi language banner-es|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ; [[Notas sobre Mageia 10-es|Español]]}} Line 59: Line 59:  Encontrara que la extensión de los paquetes y la parte que indica la arquitectura en el nombre de las imagenes ISO ha cambiado de i586 a i686. Encontrara que la extensión de los paquetes y la parte que indica la arquitectura en el nombre de las imagenes ISO ha cambiado de i586 a i686.  Ademas debido a que la mayoria de los proyectos de software estan abandonando el soporte 32bit, puede encontrar que el soporte no es tan completo como para los sistemas x86_64. Ademas debido a que la mayoria de los proyectos de software estan abandonando el soporte 32bit, puede encontrar que el soporte no es tan completo como para los sistemas x86_64.  +  +=== Arte ===  +Nuestros equipos de atelier y dev han trabajado arduamente, buscando el mejor equilibrio entre una buena apariencia y el uso del espacio en disco.  +Para el fondo principal, como es costumbre, se ha realizado una selección  de resoluciones para cubrir un amplio rango de monitores, y además, se han optimizado en tamaño mediante algunas de las herramientas disponibles en nuestros repositorios.  +  +Para los salvapantallas principales, se ha elegido un tamaño de imagen de 3840x2160 y el formato JXL, permitiendonos que luzcan bien en monitores modernos de 2K e incluso 4K, y conservar un uso de espacio en disco similar al usado por los incluidos en mageia 9 que usaban resoluciones menores y el formato JPG.     == Principales desarrollos == == Principales desarrollos == Line 150: Line 156:     Desde Mageia 9, la herramienta de configuración de audio, draksound, en  el [https://doc.mageia.org/mcc/9/es/content/index.html CCM], se ha mejorado para facilitar el cambio entre PulseAudio y [[#Servidores de Sonido|PipeWire]]. Desde Mageia 9, la herramienta de configuración de audio, draksound, en  el [https://doc.mageia.org/mcc/9/es/content/index.html CCM], se ha mejorado para facilitar el cambio entre PulseAudio y [[#Servidores de Sonido|PipeWire]].  +  +El control parental (Drakguard) ha sido retirado; es necesario arreglarlo con una nueva versión de e2guardian.     ==== Otras ==== ==== Otras ==== Line 237: Line 245:     : También tenemos "nvidia-newfeature", opción "Controlador: New feature" -  Esta destinado como alternativa para tarjetas más recientes ''pero tenga en cuenta que tal vez no mantengamos actualizado nvidia-newfeature en sincronía con el kernel, y puede ser menos reciente que nvidia-current.''  Tento "nvidia-current" como "nvidia-newfeature" recibiran actualizaciones menores y actualizaciones a nuevas versiones Rxxx durante el teimpo de soporte para Mageia 10. La versión actual se refleja en la versión del paquete.'' : También tenemos "nvidia-newfeature", opción "Controlador: New feature" -  Esta destinado como alternativa para tarjetas más recientes ''pero tenga en cuenta que tal vez no mantengamos actualizado nvidia-newfeature en sincronía con el kernel, y puede ser menos reciente que nvidia-current.''  Tento "nvidia-current" como "nvidia-newfeature" recibiran actualizaciones menores y actualizaciones a nuevas versiones Rxxx durante el teimpo de soporte para Mageia 10. La versión actual se refleja en la versión del paquete.''  +  +:En algunas configuraciones, pueden ocurrir problemas con la imagenal regresar el sistema de la suspension. Basandonos en los reportes de los usuarios, normalmente esto se puede solucionar ajustando los parametros pasados al controlador NVIDIA como se detalla en el reporte {{bug|35242}}.  +  +:Para sistemas que usen nvidia-current (controlador para la series 500 de NVIDIA), descomente las siguientes lineas en {{file|/etc/nvidia-current/modprobe.conf}}:  +  +:''options nvidia-current NVreg_PreserveVideoMemoryAllocations=1''  +:''options nvidia-drm fbdev=0''  +  +:Para la tarjetas mas recientes basadas en la arquitectura Blackwell (RTX 50xx), el controlador nvidia-newfeature (actualmente con la serie 595 de NVIDIA) puede resolver este problema añadiendo el siguiente parametro en {{file|/etc/nvidia-:newfeature-wopengpu/display-driver.conf}}:  +  +:''options nvidia-newfeature-wopengpu NVreg_UseKernelSuspendNotifiers=1''  +  +:Este parametro fue introducido en el controlador NVIDIA 595.45.04 como reemplazo a los obsoletos servicios de suspencion en epacios de ususario, que eran fuente frecuente de inestabilidad.  +:Para aplicar estos cambios debe ejecutar el comando {{cmd|dracut -f}}y reiniciar el sistema.     * Para tarjetas de vídeo antiguas, se proporcionan los controladores propietarios para las series R470 "nvidia470", (el mismo de Mageia 9)  "Geforce 635 a Geforce 920" en nuestras herramientas. R470 fue "nvidia-current" en Mageia 8, y algunas trajetas que lo utilicen pueden necesitar ser configuradas manualmente para que utilicem R470.  ''Note que ya no esta soportado por el desarrollador y no recibira actualizaciones de seguridad, pero aun asi lo proporcionamos para conveniecia de los usuariosque lo necesiten. Los paquetes '' nvidia470 no se incluyen en las Imagenes Live de Mageia 10 <!-- Ref: https://bugs.mageia.org/show_bug.cgi?id=34545#c165 --> pero seran instalados desde el repositorio "nonfree" cuando asi lo elija. (En las imagenes Live necesitara activar [[Persistent_live_systems|la partción persistente]].) * Para tarjetas de vídeo antiguas, se proporcionan los controladores propietarios para las series R470 "nvidia470", (el mismo de Mageia 9)  "Geforce 635 a Geforce 920" en nuestras herramientas. R470 fue "nvidia-current" en Mageia 8, y algunas trajetas que lo utilicen pueden necesitar ser configuradas manualmente para que utilicem R470.  ''Note que ya no esta soportado por el desarrollador y no recibira actualizaciones de seguridad, pero aun asi lo proporcionamos para conveniecia de los usuariosque lo necesiten. Los paquetes '' nvidia470 no se incluyen en las Imagenes Live de Mageia 10 <!-- Ref: https://bugs.mageia.org/show_bug.cgi?id=34545#c165 --> pero seran instalados desde el repositorio "nonfree" cuando asi lo elija. (En las imagenes Live necesitara activar [[Persistent_live_systems|la partción persistente]].) Line 511: Line 533:  * Migrar una instalación de Mageia que '''NO''' estaba en modo  UEFI, , mediante el modo UEFI. * Migrar una instalación de Mageia que '''NO''' estaba en modo  UEFI, , mediante el modo UEFI.  - En estos casos debe realizar una instalación nueva (tal vez conservando la carpeta {{folder-es|/home}}.) - En estos casos debe realizar una instalación nueva (tal vez conservando la carpeta {{folder-es|/home}}.)  +  +- Recuerde que aun puede actualizar a Mageia 10 en modo Legacy. Pero debe estar atento a que las imagenes de Instalacion Clasica arraquen en modo Legacy (y no en modo UEFI), revise las opciones de su BIOS.     ==== Mediante Internet ==== ==== Mediante Internet ==== Katnatek

‎Artwork

← Older revision Revision as of 18:20, 28 May 2026 (2 intermediate revisions by the same user not shown)Line 59: Line 59:  You will find that extension for the packages and the part for architecture in the name of the ISO images have changed from i586 to i686. You will find that extension for the packages and the part for architecture in the name of the ISO images have changed from i586 to i686.  Also, due most of the software projects are dropping 32bit support, you can find that the support is not as full as in the x86_64 systems. Also, due most of the software projects are dropping 32bit support, you can find that the support is not as full as in the x86_64 systems.  +  +=== Artwork ===  +Our atelier and dev teams have worked hard to find the best balance between visual appeal and disk space usage.  +As usual, we’ve selected a range of resolutions for the main background to accommodate a wide variety of monitors, and we’ve also optimized their sizes using tools available in our repositories.  +  +For the main screensavers, we have chosen an image size of 3840×2160 and the JXL format, allowing them to look great on modern 2K and even 4K monitors, while maintaining a disk space footprint similar to those included in Mageia 9, which used lower resolutions and the JPG format.     == Major developments == == Major developments == Line 528: Line 534:  * Upgrading a Mageia installation which was '''NOT''' in UEFI, towards a UEFI-mode. * Upgrading a Mageia installation which was '''NOT''' in UEFI, towards a UEFI-mode.  - In these cases, you have to do a fresh installation. (Possibly keeping the {{folder|/home}} directory.) - In these cases, you have to do a fresh installation. (Possibly keeping the {{folder|/home}} directory.) −- Note that you can still perform the update to Mageia 10 in Legacy-mode. You should, however, pay attention to boot the Live images in Legacy-mode (and not in UEFI-mode), check your BIOS options for that.+- Note that you can still perform the update to Mageia 10 in Legacy-mode. You should, however, pay attention to boot the Classic Installer images in Legacy-mode (and not in UEFI-mode), check your BIOS options for that.     ==== Online-Upgrade ==== ==== Online-Upgrade ==== Katnatek

‎Apprenticeship in progress: Remove AurelianR and katnatek, because they graduated in 2025

← Older revision Revision as of 22:12, 26 May 2026 (3 intermediate revisions by the same user not shown)Line 122: Line 122:  !style="margin:auto"| interests / skills / comments !style="margin:auto"| interests / skills / comments  {{Pkg:appr-cand|example | ex name| example@foo.org | UTC+3 | pt, en | YYYY-MM-DD | What you would like to work with (example areas/programs), what coding and tools you master or like to learn, are you a long time user, do you work on other parts of Mageia.}} {{Pkg:appr-cand|example | ex name| example@foo.org | UTC+3 | pt, en | YYYY-MM-DD | What you would like to work with (example areas/programs), what coding and tools you master or like to learn, are you a long time user, do you work on other parts of Mageia.}} −|-+  −{{Pkg:appr-cand| dima2387 | Dmytro Selin | dima2387@ukr.net | UTC+2 | rus, en | 2018-12-09 | Mageia tools /want to learn C++ coding (have minimum experience)/I have a lot experience in shell and python scripting.  P.S. I am also longtime mga/mdv user }}   |- |-  {{Pkg:appr-cand| magicd3vil | Michael Slíva | michael@sliva.dev | UTC+1 | cs, en | 2022-03-12 | I am a Linux enthusiast, programmer, sysadmin, and avid supporter of open-source software and community. After a lot of distro-hopping, I chose Mageia back in 2018 and never turned back. I want to give back to this great community as a packager while learning something useful and new at the same time. I am knowledgeable at using terminal, shell scripting, bash, and I've repackaged a few packages for myself before. I've also contributed to the Czech translation of the Mageia doc_installer on the Transifex in the past.}}   {{Pkg:appr-cand| magicd3vil | Michael Slíva | michael@sliva.dev | UTC+1 | cs, en | 2022-03-12 | I am a Linux enthusiast, programmer, sysadmin, and avid supporter of open-source software and community. After a lot of distro-hopping, I chose Mageia back in 2018 and never turned back. I want to give back to this great community as a packager while learning something useful and new at the same time. I am knowledgeable at using terminal, shell scripting, bash, and I've repackaged a few packages for myself before. I've also contributed to the Czech translation of the Mageia doc_installer on the Transifex in the past.}}   −|-  −{{Pkg:appr-cand| irton | Alex Proklov | pro2_2000@mail.ru | UTC+9 | ru,en | 2026-05-17 | maintainer.   −}}   |} |}    Line 197: Line 193:  | Moufinure || papoteur || [https://ml.mageia.org/l/arc/dev/2025-08/msg00110.html 2025-08-25] ||  ||  ||  ||  || caprice32  || || ||  || | Moufinure || papoteur || [https://ml.mageia.org/l/arc/dev/2025-08/msg00110.html 2025-08-25] ||  ||  ||  ||  || caprice32  || || ||  ||  |-   |-   −|AurelianR    || DavidG ||[https://ml.mageia.org/l/arc/dev/2025-02/msg00006.html 2025-02-04] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} ||  mingw-libgcrypt<br>ppsspp<br>vowpal-wabbit<br>zh-autoconvert<br>yodl<br>yencode<br>apr-utils<br>(and about a hundred more)|| {{yes|Done}} || {{yes|Done}} || tnef<br>vulkan-memory-allocator<br>dolphin-emu<br>virtuoso-opensource<br>mpich<br>xen<br>vde2<br>ntk<br>tkgate<br>sugar-artwork<br>fluxbox<br>kde-pdf-servicemenu<br>tcp_wrappers<br>goverlay<br>linphone stack || [https://ml.mageia.org/l/arc/dev/2025-07/msg00146.html {{yes|Done}} 2025-07-09  −|-  −| katnatek || papoteur || [https://ml.mageia.org/l/arc/dev/2023-10/msg00041.html 2023-10-11] || {{yes|Done}} || {{yes|Done}}  || {{yes|Done}} || {{yes|Done}} || lyx<br>mythtv<br>task-plasma5 (spectacle)<br>obconf<br>pidgin-googlechat || {{yes|Done}}  || {{yes|Done}} || python-setuptools-git-versioning python-sphinxcontrib-jquery whatsie evdi awf-extended   −|| [https://ml.mageia.org/l/arc/dev/2025-03/msg00058.html Done 2025-03-13]  −|-   |marja || doktor5000 || {{yes|Done}} || {{yes|Done}}  || {{yes|Done}} || {{yes|Done}}  || {{yes|Done}}  || 5/5<br>? || {{yes|Done}}  ||    || || |marja || doktor5000 || {{yes|Done}} || {{yes|Done}}  || {{yes|Done}} || {{yes|Done}}  || {{yes|Done}}  || 5/5<br>? || {{yes|Done}}  ||    || ||  |-   |-   Line 221: Line 212:  |- |-  | emel_punk || neoclust || [https://ml.mageia.org/l/arc/dev/2020-06/msg00431.html 2020-06-26] [https://ml.mageia.org/l/arc/dev/2022-02/msg00156.html 2022-02-17] || {{yes|Done}} ||  ||  ||  ||  ||  ||  ||  || | emel_punk || neoclust || [https://ml.mageia.org/l/arc/dev/2020-06/msg00431.html 2020-06-26] [https://ml.mageia.org/l/arc/dev/2022-02/msg00156.html 2022-02-17] || {{yes|Done}} ||  ||  ||  ||  ||  ||  ||  || −|-style="background-color:#eee;"  −| Papoteur || Eight_Doctor || [https://ml.mageia.org/l/arc/dev/2021-09/msg00014.html 2021-09-07] || {{yes|Done}} 32313 || [https://bugs.mageia.org/show_bug.cgi?id=27378 {{yes|Done}} ||  ||  ||solfege<br>qt3<br>nicotine+<br>pkcs11-helper  ||  {{yes|Done}} || {{yes|Done}} ||10/10 <br>python-twisted <br>python-django <br>python-django-registration<br>cockpit<br>python-waitress<br>python-ujson<br>python-rencode<br>msec<br>python-qt5-chart<br>xdotool||2022-05-31   |- |-  | linuxero || neoclust ||  || {{yes|Done}} ||  ||  ||  ||  ||  ||  ||  || | linuxero || neoclust ||  || {{yes|Done}} ||  ||  ||  ||  ||  ||  ||  || −|-style="background-color:#eee;"  −| pol4n || neoclust || [https://ml.mageia.org/l/arc/dev/2022-03/msg00117.html 2022-03-11] || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || {{yes|Done}} || rpcbind/sitecopy/spamassassin/ssdeep/sslsplit || {{yes|Done}} || {{yes|Done}} || tap<br>woff2<br>shairplay<br>ntpsec<br>clusterscripts<br>nagios-plugins<br>xymons<br>zathuras<br>rizins<br>vnstat || 2022-08-18   |- |-  | joselp || papoteur,mokraemer || {{yes|Done}} ||  || {{yes|Done}} ||  ||  ||  ||  ||  || photomontage<br>gimp-batcher-plugin ||   | joselp || papoteur,mokraemer || {{yes|Done}} ||  || {{yes|Done}} ||  ||  ||  ||  ||  || photomontage<br>gimp-batcher-plugin ||   Marja

‎Apprenticeship in progress

← Older revision Revision as of 04:51, 26 May 2026 Line 231: Line 231:  |- |-  | zekemx || kekepower || {{yes|Done}} ||  || ||  ||  || 1. conky ||  ||  || displaylink<br>new-lg4ff<br>oversteer || | zekemx || kekepower || {{yes|Done}} ||  || ||  ||  || 1. conky ||  ||  || displaylink<br>new-lg4ff<br>oversteer ||  +|-  +| irton || daviddavid || [https://ml.mageia.org/l/arc/dev/2026-05/msg00352.html 2026-05-17] ||  || ||  ||  ||  ||  ||  ||  ||  +|  |} |}    Daviddavid

Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-40460 , CVE-2026-40701 , CVE-2026-42926 , CVE-2026-42934 , CVE-2026-42945 , CVE-2026-42946 Description NGINX ngx_quic_module vulnerability. (CVE-2026-40460) NGINX ngx_http_ssl_module vulnerability. (CVE-2026-40701) NGINX ngx_http_proxy_v2_module vulnerability. (CVE-2026-42926) NGINX ngx_http_charset_module vulnerability. (CVE-2026-42934) NGINX ngx_http_rewrite_module vulnerability. (CVE-2026-42945) NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability. (CVE-2026-42946) References

• https://bugs.mageia.org/show_bug.cgi?id=35529
• https://www.openwall.com/lists/oss-security/2026/05/13/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40460
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40701
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42926
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42934
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42945
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42946

SRPMS 9/core

• nginx-1.30.1-1.mga9

Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33999 , CVE-2026-34000 , CVE-2026-34001 , CVE-2026-34002 , CVE-2026-34003 Description XKB Integer Underflow in XkbSetCompatMap(). (CVE-2026-33999) XKB Out-of-bounds Read in CheckSetGeom(). (CVE-2026-34000) XSYNC Use-after-free in miSyncTriggerFence(). (CVE-2026-34001) XKB Out-of-bounds read in CheckModifierMap(). (CVE-2026-34002) XKB Buffer overflow in CheckKeyTypes(). (CVE-2026-34003) References

• https://bugs.mageia.org/show_bug.cgi?id=35366
• https://www.openwall.com/lists/oss-security/2026/04/14/8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGQLR43Z7T6IISLCOC2Q4WB3D4YWB4QS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RULWKTYNOMHH3NTJ36SDNJVWKXYJ4VVO/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33999
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34000
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34001
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34002
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34003

SRPMS 9/core

• x11-server-21.1.8-7.10.mga9
• x11-server-xwayland-22.1.9-1.10.mga9
• tigervnc-1.13.1-2.11.mga9

Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8669 Description Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. (CVE-2026-8669) References

• https://bugs.mageia.org/show_bug.cgi?id=35541
• https://www.openwall.com/lists/oss-security/2026/05/15/17
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8669

SRPMS 9/core

• perl-Imager-1.19.0-2.1.mga9

Publication date: 26 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-30997 , CVE-2026-40962 Description An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. (CVE-2026-30997) FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. (CVE-2026-40962) References

• https://bugs.mageia.org/show_bug.cgi?id=35546
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4TOCC22G6AHEU62PA7DQARAPJYTW6XSE/
• https://excellent-oatmeal-319.notion.site/CVE-2026-30997-Out-of-Bounds-Access-a7929817b9794568b2f7774397c7d65f
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-30997
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40962

SRPMS 9/core

• ffmpeg-5.1.9-1.mga9

9/tainted

• ffmpeg-5.1.9-1.mga9.tainted

Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-13878 , CVE-2026-1519 Description It was discovered that bind contained a vulnerability where a Malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (CVE-2026-1519). References

• https://bugs.mageia.org/show_bug.cgi?id=35283
• https://bugs.mageia.org/show_bug.cgi?id=35049
• https://www.openwall.com/lists/oss-security/2026/01/21/3
• https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries
• https://kb.isc.org/docs/cve-2026-1519
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13878
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1519

SRPMS 9/core

• bind-9.18.47-1.mga9

Puedes haber notado que Mageia 10 RC1 fue lanzado hace unos días. Contiene las nuevas ilustraciones de Mageia 10, como el fondo de pantalla que se publicó aquí, pero también salvapantallas realmente bonitos.

Aparte de eso, contiene cientos de nuevos paquetes con correcciones de seguridad y otras que han sido añadidas desde 10beta1. Algunos de ellos están listados abajo:

• firefox-140.10.1
• gtk+3.0-3.24.52
• kernel-6.18.26
• libreoffice-26.2.3.2
• mesa-26.0.6
• nss-3.123.1
• postgresql18-18.3
• rootcerts-20260412.00
• samba-4.23.7
• systemd-258.7
• thunderbird-140.10.0
• urpmi-8.136

Las listas completas de paquetes incluidos se encuentran en los archivos .idx de los medios de instalación clásicos o en los archivos .lst de las imágenes iso en vivo.

Sin embargo, nuestros empaquetadores ya han publicado más correcciones de seguridad y otros errores después de que se crearan las ISO 10RC1. A continuación se mencionan algunas de ellas:

• kernel-6.18.30-2.mga10
• firefox-140.10.2-1.mga10
• gtk4.0-4.20.4-1.mga10
• glib2.0-2.86.5-1.mga10
• java-*-openjdk
• mariadb-12.2.2-2.mga10
• mutter-49.5-1.mga10
• python3-3.13.13-7.mga10
• sddm-0.21.0-17.mga10
• thunderbird-140.10.2-1.mga10

Por favor, prueba una o más ISOs e informa de cualquier problema en nuestro Bugzilla. Ten en cuenta que estamos siendo machacados por bots de IA, por favor ten paciencia si la conexión a Bugzilla es difícil.

No encontramos problemas impactantes al probar estas ISO antes de que fueran lanzadas, realmente necesitamos que las pruebes para detectar problemas que nos perdimos. Algunos de los problemas menos graves que puede encontrar se enumeran en las Erratas de Mageia 10.

¡Esperamos que disfrutes con esta nueva versión de prueba!

You may have noticed that Mageia 10 RC1 was released a few days ago. It contains the new Mageia 10 artwork, like the wallpaper that was published here, but also really nice screensavers.

Apart from that, it contains hundreds of newer packages with security and other fixes that have been added since 10beta1. Some of them are listed below:

• firefox-140.10.1
• gtk+3.0-3.24.52
• kernel-6.18.26
• libreoffice-26.2.3.2
• mesa-26.0.6
• nss-3.123.1
• postgresql18-18.3
• rootcerts-20260412.00
• samba-4.23.7
• systemd-258.7
• thunderbird-140.10.0
• urpmi-8.136

The full lists of included packages can be found in the .idx files for the classical installation media or the .lst files for the live iso images.

However, our packagers have already released more security and other bug fixes after the 10RC1 ISOs were built. Just a few of them are mentioned below:

• kernel-6.18.30-2.mga10
• firefox-140.10.2-1.mga10
• gtk4.0-4.20.4-1.mga10
• glib2.0-2.86.5-1.mga10
• java-*-openjdk
• mariadb-12.2.2-2.mga10
• mutter-49.5-1.mga10
• python3-3.13.13-7.mga10
• sddm-0.21.0-17.mga10
• thunderbird-140.10.2-1.mga10

Please test one or more ISOs and report any issues in our Bugzilla. Note that we are being hammered by AI bots, please be patient if connecting to Bugzilla is difficult.

We did not find shocking problems while testings these ISOs before they were released, we really need you to test them for issues we missed. Some of the less severe issues you might encounter, are listed in the Mageia 10 Errata.

Happy testing!

Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6472 , CVE-2026-6473 , CVE-2026-6474 , CVE-2026-6475 , CVE-2026-6476 , CVE-2026-6477 , CVE-2026-6478 , CVE-2026-6479 , CVE-2026-6575 , CVE-2026-6637 , CVE-2026-6638 Description PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege. (CVE-2026-6472) PostgreSQL server undersizes allocations, via integer wraparound. (CVE-2026-6473) PostgreSQL timeofday() can disclose portions of server memory. (CVE-2026-6474) PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice. (CVE-2026-6475) PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory. (CVE-2026-6477) PostgreSQL discloses MD5-hashed passwords via covert timing channel. (CVE-2026-6478) PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion. (CVE-2026-6479) PostgreSQL refint allows stack buffer overflow and SQL injection. (CVE-2026-6637) References

• https://bugs.mageia.org/show_bug.cgi?id=35534
• https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6472
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6473
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6474
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6475
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6476
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6477
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6478
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6479
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6575
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6637
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6638

SRPMS 9/core

• postgresql15-15.18-1.mga9

Publication date: 19 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8368 Description LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects References

• https://bugs.mageia.org/show_bug.cgi?id=35524
• https://www.openwall.com/lists/oss-security/2026/05/12/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8368

SRPMS 9/core

• perl-libwww-perl-6.830.0-1.mga9
• perl-HTTP-Message-7.10.0-1.mga9

Publication date: 18 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-8612 Description WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. References

• https://bugs.mageia.org/show_bug.cgi?id=35533
• https://www.openwall.com/lists/oss-security/2026/05/15/1
• https://metacpan.org/release/OALDERS/WWW-Mechanize-Cached-2.00/changes
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8612

SRPMS 9/core

• perl-WWW-Mechanize-Cached-2.0.0-1.mga9
• perl-Path-Tiny-0.150.0-1.mga9
• perl-File-XDG-1.30.0-1.mga9