Security Updates
MGAA-2024-0191 - Updated attract package fixes lacking curl support
Publication date: 06 Sep 2024
Type: bugfix
Affected Mageia releases: 9
Description: Attract was compiled without libcurl. This update fixes the issue, enabling downloads.
References:
SRPMS 9/core:
- attract-2.7.0-1.mga9
Categories: Security Updates
MGAA-2024-0190 - Updated php packages fix bugs
Publication date: 03 Sep 2024
Type: bugfix
Affected Mageia releases: 9
Description: Many bugs, memory leaks (network, enum) and segfaults have been fixed. See the official changelog for more details.
References:
SRPMS 9/core:
- php-8.2.23-1.mga9
MGAA-2024-0189 - Updated kodi packages fix bugs
Publication date: 31 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Kodi has been updated to version 20.4 as a general bug fix release.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32889
- https://kodi.tv/article/kodi-20-4-nexus-release/
- https://kodi.tv/article/kodi-20-3-nexus-release/
- kodi-20.4-1.1.mga9.tainted
- kodi-20.4-1.1.mga9
MGASA-2024-0282 - Updated nodejs & yarnpkg packages fix security vulnerabilities
Publication date: 28 Aug 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-22020, CVE-2024-36137, CVE-2024-36138, CVE-2024-22018, CVE-2024-37372
Description: Nodejs 22 is the new active LTS branch and 5 CVEs are fixed.
- CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
- CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
- CVE-2024-22018 - fs.lstat bypasses permission model (Low)
- CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
- CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
The yarn package is updated with npm 10.8.2.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33415
- https://github.com/nodejs/node/releases/tag/v22.6.0
- https://github.com/nodejs/node/releases/tag/v22.5.1
- https://github.com/nodejs/node/releases/tag/v22.5.0
- https://github.com/nodejs/node/releases/tag/v22.4.1
- https://github.com/nodejs/node/releases/tag/v22.3.0
- https://github.com/nodejs/node/releases/tag/v22.2.0
- https://github.com/nodejs/node/releases/tag/v22.1.0
- https://github.com/nodejs/node/releases/tag/v22.0.0
- https://github.com/yarnpkg/yarn/releases/tag/v1.22.22
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37372
- nodejs-22.6.0-1.mga9
- yarnpkg-1.22.22-0.10.8.2.1.mga9
MGAA-2024-0188 - Updated emacs packages fix bug
Publication date: 28 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Under the KDE Plasma desktop, the emacs toolbar displays text buttons instead of icon ones. This only happens when launched in Plasma.
References:
SRPMS 9/core:
- emacs-29.4-1.1.mga9
MGAA-2024-0187 - Updated rawtherapee packages fix bugs
Publication date: 28 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Since the current version available in Mageia, upstream fixed bugs and made enhancements. See the references.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33490
- https://raw.githubusercontent.com/Beep6581/RawTherapee/5.11/RELEASE_NOTES.txt
- https://raw.githubusercontent.com/Beep6581/RawTherapee/5.10/RELEASE_NOTES.txt
- rawtherapee-5.11-1.mga9
MGAA-2024-0186 - Updated systemd packages fix bugs
Publication date: 24 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: SystemD has been updated as a general bug fix release.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33477
- https://github.com/systemd/systemd-stable/compare/v253.16...v253.24
- systemd-253.24-1.mga9
MGAA-2024-0185 - Updated qbittorrent packages fix bugs
Publication date: 23 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: qBittorrent has been updated to keep up with new technology and changes along with bug fixes.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33479
- https://www.qbittorrent.org/news#sun-aug-18th-2024---qbittorrent-v4.6.6-and-v5.0.0rc1-releases
- qbittorrent-4.6.6-1.mga9
MGAA-2024-0184 - Updated haproxy package fixes some bugs
Publication date: 22 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Haproxy has three major, a few medium and a few minor bugs fixed in the last upstream version 2.8.10 of branch 2.8.
Fixed major bug list:
- connection: fix server used_conns with H2 + reuse safe
- quic: Crash with TLS_AES_128_CCM_SHA256 (libressl only)
- server: do not delete srv referenced by session
Fixed medium bug list:
- applet: Fix applet API to put input data in a buffer
- cache: Vary not working properly on anything other than accept-encoding
- config: prevent communication with privileged ports
- evports: do not clear returned events list on signal
- fd: prevent memory waste in fdtab array
- grpc: Fix several unaligned 32/64 bits accesses
- h1: Reject CONNECT request if the target has a scheme
- http-ana: Deliver 502 on keep-alive for fresh server connection
- http_ana: ignore NTLM for reuse aggressive/always and no H1
- htx: mark htx_sl as packed since it may be realigned
- mux-quic: Create sedesc in same time of the QUIC stream
- peers: Fix exit condition when max-updates-at-once is reached
- peers/trace: fix crash when listing event types
- quic: don't blindly rely on unaligned accesses
- quic: fix connection freeze on post handshake
- quic_tls: prevent LibreSSL < 4.0 from negotiating CHACHA20_POLY1305
- server: fix dynamic servers initial settings
- spoe: Always retry when an applet fails to send a frame
- ssl: wrong priority when limiting ECDSA ciphers in ECDSA+RSA configuration
- stconn: Don't forward channel data if input data must be filtered
- stick-tables: properly mark stktable_data as packed
References:
SRPMS 9/core:
- haproxy-2.8.10-1.mga9
MGASA-2024-0281 - Updated quictls packages fix security vulnerabilities
Publication date: 19 Aug 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-5535, CVE-2024-4741, CVE-2024-4603, CVE-2024-2511, CVE-2024-0727, CVE-2023-6237, CVE-2023-6129, CVE-2023-5678
Description: The updated packages fix security vulnerabilities.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33468
- https://openssl-library.org/news/vulnerabilities-3.0/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4741
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4603
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
- quictls-3.0.14-1.1.mga9
MGAA-2024-0183 - Updated mariadb packages fix bugs
Publication date: 19 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description:
InnoDB:
- Some locking issues have been fixed
- Performance was low on special queries
Spider:
- Many crashes have been fixed
Partitioning:
- Some errors fixed
Optimizer:
- Some crashes have been fixed
- On some conditional queries, it now runs faster
References:
- https://bugs.mageia.org/show_bug.cgi?id=33470
- https://mariadb.com/kb/en/mariadb-10-11-9-release-notes/
- mariadb-10.11.9-1.mga9
MGASA-2024-0280 - Updated packages fix security vulnerabilities
Publication date: 17 Aug 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-23184, CVE-2024-23185
Description:
- CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33466
- https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23184
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23185
- dovecot-2.3.21.1-1.mga9
MGAA-2024-0182 - Updated rosegarden packages fix bugs
Publication date: 17 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Since the current version of rosegarden in Mageia, upstream has fixed several bugs and added some features and enhancements.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32632
- https://bugs.mageia.org/show_bug.cgi?id=32576
- https://www.rosegardenmusic.com/wiki/dev:22.12
- https://www.rosegardenmusic.com/wiki/dev:22.12.1
- https://www.rosegardenmusic.com/wiki/dev:23.06
- https://www.rosegardenmusic.com/wiki/dev:23.12
- https://www.rosegardenmusic.com/wiki/dev:24.06
- rosegarden-24.06-1.mga9
MGASA-2024-0279 - Updated roundcubemail packages fix security vulnerabilities
Publication date: 15 Aug 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-42010, CVE-2024-42009, CVE-2024-42008
Description:
- Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
- Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
- Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
References:
- https://bugs.mageia.org/show_bug.cgi?id=33460
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42010
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008
- roundcubemail-1.6.8-1.mga9
MGAA-2024-0181 - Updated yt-dlp packages fix support for sites
Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: yt-dlp has long since ceased working correctly on many sites including YouTube. This update fixes the reported behavior.
References:
SRPMS 9/core:
- yt-dlp-2024.08.06-1.mga9
MGAA-2024-0180 - Updated pdfarranger packages fix bugs
Publication date: 15 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Since the current version in Mageia 9, upstream has fixed some bugs and provided enhancements.
References:
- https://bugs.mageia.org/show_bug.cgi?id=33465
- https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.0
- https://github.com/pdfarranger/pdfarranger/releases/tag/1.10.1
- https://github.com/pdfarranger/pdfarranger/releases/tag/1.11.0
- pdfarranger-1.11.0-1.mga9
MGAA-2024-0179 - Updated mscore packages fix bugs
Publication date: 12 Aug 2024
Type: bugfix
Affected Mageia releases: 9
Description: Several bugs were fixed and some new features are provided. See the references for more information.
References:
- https://bugs.mageia.org/show_bug.cgi?id=32639
- https://github.com/musescore/MuseScore/releases/tag/v4.3.2
- https://github.com/musescore/MuseScore/releases/tag/v4.3.1
- https://github.com/musescore/MuseScore/releases/tag/v4.3.0
- https://github.com/musescore/MuseScore/releases/tag/v4.2.1
- https://github.com/musescore/MuseScore/releases/tag/v4.2.0
- https://github.com/musescore/MuseScore/releases/tag/v4.1.1
- https://github.com/musescore/MuseScore/releases/tag/v4.1.0
- mscore-4.3.2-1.1.mga9