Lector de Feeds

In Mageia/cauldron/i586: A friendly onboarding wizard for Plasma.

In Mageia/cauldron/x86_64: This module implements a GUI for the Wacom Linux Drivers and extends it with profile support to handle different button/pen layouts per profile.

In Mageia/cauldron/i586: This module implements a GUI for the Wacom Linux Drivers and extends it with profile support to handle different button/pen layouts per profile.

In Mageia/cauldron/x86_64: Printer Applet is a system tray utility that shows current print jobs, shows printer warnings and errors and shows when printers that have been plugged in for the first time are being auto-configured by hal-cups-utils.

In Mageia/cauldron/i586: Printer Applet is a system tray utility that shows current print jobs, shows printer warnings and errors and shows when printers that have been plugged in for the first time are being auto-configured by hal-cups-utils.

In Mageia/cauldron/x86_64: The KCM allows changing what permissions have been granted to installed Flatpak applications.

In Mageia/cauldron/i586: The KCM allows changing what permissions have been granted to installed Flatpak applications.

In Mageia/cauldron/x86_64: Plasma Sytem settings module and a KDED module to handle authorization of Thunderbolt devices connected to the computer.

In Mageia/cauldron/i586: Plasma Sytem settings module and a KDED module to handle authorization of Thunderbolt devices connected to the computer.

In Mageia/cauldron/x86_64: Plasma applet and services for creating encrypted vaults.

In Mageia/cauldron/i586: Plasma applet and services for creating encrypted vaults.

In Mageia/cauldron/x86_64: DrKonqi: The KDE Crash Handler.

In Mageia/cauldron/i586: DrKonqi: The KDE Crash Handler.

Publication date: 17 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-42353 Description When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. References

• https://bugs.mageia.org/show_bug.cgi?id=33532
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019276.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42353

SRPMS 9/core

• python-webob-1.8.8-1.mga9

Publication date: 17 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-20505 , CVE-2024-20506 Description Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. (CVE-2024-20505) Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. (CVE-2024-20506) References

• https://bugs.mageia.org/show_bug.cgi?id=33561
• https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506

SRPMS 9/core

• clamav-1.0.7-1.mga9

Publication date: 17 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-37151 , CVE-2024-38534 , CVE-2024-38535 , CVE-2024-38536 Description CVE-2024-37151 Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. CVE-2024-38534 Crafted modbus traffic can lead to unlimited resource accumulation within a flow CVE-2024-38535, CVE-2024-38536 Suricata can run out of memory when parsing crafted HTTP/2 traffic. References

• https://bugs.mageia.org/show_bug.cgi?id=33431
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJWELU75TPOICUA2UGNZDY7QQJBB7HYJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37151
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38534
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38535
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38536

SRPMS 9/core

• suricata-6.0.20-1.mga9

Publication date: 17 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description This updates poedit to the latest upstream release and also wxgtk and icu are updated to make it build. References

• https://bugs.mageia.org/show_bug.cgi?id=33553
• https://poedit.net/news/poedit-3.5-excel-and-blade/

SRPMS 9/core

• poedit-3.5-1.mga9
• wxgtk-3.2.6-1.mga9
• icu-73.2-1.mga9

Katnatek uploaded File:Flag-brazil02.png

New page

Katnatek

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3024 Description A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. References

• https://bugs.mageia.org/show_bug.cgi?id=33432
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4BWGIIYEAY4GRICOGIWO26TNMKVEV62/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3024

SRPMS 9/core

• tcpreplay-4.5.1-1.mga9

Publication date: 16 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45751 Description tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. (CVE-2024-45751) References

• https://bugs.mageia.org/show_bug.cgi?id=33545
• https://www.openwall.com/lists/oss-security/2024/09/07/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45751

SRPMS 9/core

• tgt-1.0.85-1.1.mga9