Lector de Feeds

← Older revision Revision as of 09:51, 1 December 2024 Line 190: Line 190:  | works very well with steam and Proton 8.0-4. | works very well with steam and Proton 8.0-4.  Launch option : DXVK_FRAME_RATE=60 PROTON_USE_WINED3D=1 %command% Launch option : DXVK_FRAME_RATE=60 PROTON_USE_WINED3D=1 %command%  +  +|-  +| style="width: 5%"| [[File:App-accessories.png|25px|center]]  +| The Witcher 2 - Assassins of kings  +| works very well with steam avec proton 9.0-3  +Launch option : PROTON_USE_WINED3D11=1 %command%     |- |- Scroll44

← Older revision Revision as of 08:49, 1 December 2024 Line 188: Line 188:  | marchent très bien avec steam and Proton 8.0-4. | marchent très bien avec steam and Proton 8.0-4.  Option de lancement : DXVK_FRAME_RATE=60 PROTON_USE_WINED3D=1 %command% Option de lancement : DXVK_FRAME_RATE=60 PROTON_USE_WINED3D=1 %command%  +  +|-  +| style="width: 5%"| [[File:App-accessories.png|25px|center]]  +| The Witcher 2 - Assassins of kings  +| marche très bien sur steam avec proton 9.0-3  +Option de lancement : PROTON_USE_WINED3D11=1 %command%     |- |- Scroll44

Publication date: 29 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-52530 , CVE-2024-52531 , CVE-2024-52532 Description GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. (CVE-2024-52530) GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. (CVE-2024-52531) GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. (CVE-2024-52532) References

• https://bugs.mageia.org/show_bug.cgi?id=33765
• https://www.openwall.com/lists/oss-security/2024/11/09/2
• https://www.openwall.com/lists/oss-security/2024/11/12/8
• https://ubuntu.com/security/notices/USN-7126-1
• https://ubuntu.com/security/notices/USN-7127-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52531
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52532

SRPMS 9/core

• libsoup3-3.4.2-1.1.mga9
• libsoup-2.74.3-1.1.mga9

Publication date: 29 Nov 2024
Type: bugfix
Affected Mageia releases : 9
Description This update fixes a file conflict on installation between lxqt-menu-data and lxqt-panel. References

• https://bugs.mageia.org/show_bug.cgi?id=33813

SRPMS 9/core

• lxqt-menu-data-1.4.1-1.1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-52949 Description The updated package fixes a security vulnerability: CVE-2024-52949. References

• https://bugs.mageia.org/show_bug.cgi?id=33799
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D6UQOVVH4Y5FENNI3EJA5R7V3JBWCKEK/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52949

SRPMS 9/core

• iptraf-ng-1.2.2-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27628 Description A buffer overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. (CVE-2024-27628) References

• https://bugs.mageia.org/show_bug.cgi?id=33798
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/U3LXLFP2Q7LBLGBNWEPO3O2ZZ2JPCYEU/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27628

SRPMS 9/core

• dcmtk-3.6.7-4.2.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-52316 , CVE-2024-52318 Description Authentication bypass when using Jakarta Authentication API. (CVE-2024-52316) Incorrect JSP tag recycling leads to XSS. (CVE-2024-52318) References

• https://bugs.mageia.org/show_bug.cgi?id=33781
• https://www.openwall.com/lists/oss-security/2024/11/18/2
• https://www.openwall.com/lists/oss-security/2024/11/18/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52316
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52318

SRPMS 9/core

• tomcat-9.0.97-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10524 Description Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. (CVE-2024-10524) References

• https://bugs.mageia.org/show_bug.cgi?id=33780
• https://www.openwall.com/lists/oss-security/2024/11/18/6
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10524

SRPMS 9/core

• wget-1.21.4-1.2.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-21853 , CVE-2024-23918 , CVE-2024-21820 Description Improper Finite State Machines (FSMs) in the Hardware logic in some 4th and 5th Generation Intel® Xeon® Processors may allow an authorized user to potentially enable denial of service via local access. (CVE-2024-21853) Improper conditions check in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-23918) Incorrect default permissions in some Intel® Xeon® processor memory controller configurations when using Intel® SGX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2024-21820) References

• https://bugs.mageia.org/show_bug.cgi?id=33770
• https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21853
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23918
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21820

SRPMS 9/nonfree

• microcode-0.20241112-1.mga9.nonfree

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34155 , CVE-2024-34156 , CVE-2024-34158 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.CVE-2024-34158 References

• https://bugs.mageia.org/show_bug.cgi?id=33526
• https://www.openwall.com/lists/oss-security/2024/09/05/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158

SRPMS 9/core

• golang-1.22.9-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8932 , CVE-2024-8929 , CVE-2024-11236 , CVE-2024-11233 , CVE-2024-11234 Description Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update. References

• https://bugs.mageia.org/show_bug.cgi?id=33793
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11234

SRPMS 9/core

• php-8.2.26-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-40889 , CVE-2023-40890 Description A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. CVE-2023-40889 A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. CVE-2023-40890 References

• https://bugs.mageia.org/show_bug.cgi?id=33790
• https://ubuntu.com/security/notices/USN-7118-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40889
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40890

SRPMS 9/core

• zbar-0.23.93-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-50612 Description libsndfile suffers from an out-of-bounds read in ogg_vorbis.c vorbis_analysis_wrote. References

• https://bugs.mageia.org/show_bug.cgi?id=33789
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PYXWUCWTDAITTQHM72BGA2ENVXC7G5M/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50612

SRPMS 9/core

• libsndfile-1.2.0-3.2.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10976 , CVE-2024-10977 , CVE-2024-10978 , CVE-2024-10979 Description PostgreSQL row security below e.g. subqueries disregards user ID changes. (CVE-2024-10976) PostgreSQL libpq retains an error message from man-in-the-middle. (CVE-2024-10977) PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. (CVE-2024-10978) PostgreSQL PL/Perl environment variable changes execute arbitrary code. (CVE-2024-10979) References

• https://bugs.mageia.org/show_bug.cgi?id=33779
• https://www.postgresql.org/about/news/postgresql-171-165-159-1414-1317-and-1221-released-2955/
• https://www.postgresql.org/about/news/postgresql-172-166-1510-1415-1318-and-1222-released-2965/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10976
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10978
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10979

SRPMS 9/core

• postgresql15-15.10-1.mga9
• postgresql13-13.18-1.mga9

Publication date: 27 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-38517 Description Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege. (CVE-2024-38517) References

• https://bugs.mageia.org/show_bug.cgi?id=33803
• https://ubuntu.com/security/notices/USN-7125-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38517

SRPMS 9/core

• rapidjson-1.1.0-6.1.mga9

Add pt-BR

← Older revision Revision as of 17:39, 27 November 2024 Line 2: Line 2:  [[Category:Howtos]] [[Category:Howtos]]    −{{multi_language_banner|[[Flatpak-de|Deutsch]] ; [[Flatpak|English]] ; [[Flatpak-es|Español]]; [[Flatpak-fr|Français]] ; [[Flatpak-nl|Nederlands]] ;}}+{{multi_language_banner|[[Flatpak-de|Deutsch]] ; [[Flatpak|English]] ; [[Flatpak-es|Español]]; [[Flatpak-fr|Français]] ; [[Flatpak-nl|Nederlands]] ; [[Flatpak_pt-BR|Português (Brasil)]] ;}}     {{introduction|{{prog|Flatpak}} is one way to get access to many more applications than are packaged by Mageia - even though we have quite a few already.  For even more ways, see [[Ways to install programs]].}} {{introduction|{{prog|Flatpak}} is one way to get access to many more applications than are packaged by Mageia - even though we have quite a few already.  For even more ways, see [[Ways to install programs]].}} Xgrind