Lector de Feeds

In Mageia/cauldron/x86_64: o Tetris clone using SDL o Sound o Menu o Controls can be redefined o Block preview o Starting level between 0 and 9 o Various backgrounds o HighScores o Nice graphics o Smooth gameplay o Cool effects (transparency, animations) o Two player mode o Two game modes

In Mageia/cauldron/i586: o Tetris clone using SDL o Sound o Menu o Controls can be redefined o Block preview o Starting level between 0 and 9 o Various backgrounds o HighScores o Nice graphics o Smooth gameplay o Cool effects (transparency, animations) o Two player mode o Two game modes

In Mageia/cauldron/i586: Pythran is an ahead of time compiler for a subset of the Python language, with a focus on scientific computing. It takes a Python module annotated with a few interface descriptions and turns it into a native Python module with the same interface, but (hopefully) faster. It is meant to efficiently compile scientific programs, and takes advantage of multi-cores and SIMD instruction units.

In Mageia/cauldron/x86_64: Pythran is an ahead of time compiler for a subset of the Python language, with a focus on scientific computing. It takes a Python module annotated with a few interface descriptions and turns it into a native Python module with the same interface, but (hopefully) faster. It is meant to efficiently compile scientific programs, and takes advantage of multi-cores and SIMD instruction units.

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40724 Description Heap-based buffer overflow vulnerability in Assimp allows a local attacker to execute arbitrary code by inputting a specially crafted file into the program. References

• https://bugs.mageia.org/show_bug.cgi?id=33531
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GRHXRZKHWQMKKB7V55J2TDPZAKJSN2BF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40724

SRPMS 9/core

• assimp-5.2.2-4.1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062 Description Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable. References

• https://bugs.mageia.org/show_bug.cgi?id=33533
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062

SRPMS 9/core

• python-tqdm-4.64.1-2.1.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-47016 Description radare2 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c, causing a crash in r_read_le32 in libr/include/r_endian References

• https://bugs.mageia.org/show_bug.cgi?id=33534
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIWVQC4JNA2JCJ7L3XNZBGYJ52KSQWKC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47016

SRPMS 9/core

• radare2-5.8.8-1.2.mga9

Publication date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34703 Description An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at most 521 bits. No known workarounds are available. Note that support for explicit encoding of elliptic curve parameters is deprecated in Botan. References

• https://bugs.mageia.org/show_bug.cgi?id=33429
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNLPSUOQTRVMV6WYZLISDVNWVFZEBQR5/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34703

SRPMS 9/core

• botan2-2.19.5-1.mga9

Publication date: 13 Sep 2024
Type: bugfix
Affected Mageia releases : 9
Description The current version of purple-googlechat has started to fail to connect to the service. This update fixes the reported issue. References

• https://bugs.mageia.org/show_bug.cgi?id=33495

SRPMS 9/core

• purple-googlechat-0-1.20240101gitddc118b.mga9

‎Security Team: Fix dead link https://osvdb.org/

← Older revision Revision as of 13:22, 13 September 2024 Line 76: Line 76:  * Monitor security mailing lists and other sources of security information for issues affecting supported releases, as well as Cauldron * Monitor security mailing lists and other sources of security information for issues affecting supported releases, as well as Cauldron  ** https://oss-security.openwall.org/wiki/mailing-lists ** https://oss-security.openwall.org/wiki/mailing-lists −** https://osvdb.org/ (once you have an account, there's an aggregator that will forward you selected vendor's update announcements)+** https://lwn.net/Alerts/  +** https://osv.dev/list  * Open bugs or notify maintainer of issues (as always, a bugzilla entry is something concrete people can work off of and ensures things don't "fall through the cracks") * Open bugs or notify maintainer of issues (as always, a bugzilla entry is something concrete people can work off of and ensures things don't "fall through the cracks")  * Design POC (Proof Of Concept) if necessary/possible to test whether updated build is immune to the issue * Design POC (Proof Of Concept) if necessary/possible to test whether updated build is immune to the issue Ns80

In Mageia/cauldron/x86_64: cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

In Mageia/cauldron/i586: cvechecker reports about possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

In Mageia/cauldron/x86_64: TDLib (Telegram Database library) is a cross-platform library for building Telegram clients. It can be easily used from almost any programming language.

In Mageia/cauldron/i586: TDLib (Telegram Database library) is a cross-platform library for building Telegram clients. It can be easily used from almost any programming language.

In Mageia/cauldron/x86_64: Thonny is a simple Python IDE with features useful for learning programming.

In Mageia/cauldron/i586: Thonny is a simple Python IDE with features useful for learning programming.

In Mageia/cauldron/x86_64: Qsynth is a fluidsynth GUI front-end application written in C++ around the Qt5 toolkit using Qt Designer. Eventually it may evolve into a softsynth management application allowing the user to control and manage a variety of command line softsynth but for the moment it wraps the excellent FluidSynth.

In Mageia/cauldron/i586: Qsynth is a fluidsynth GUI front-end application written in C++ around the Qt5 toolkit using Qt Designer. Eventually it may evolve into a softsynth management application allowing the user to control and manage a variety of command line softsynth but for the moment it wraps the excellent FluidSynth.

In Mageia/cauldron/x86_64: PHP is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

In Mageia/cauldron/i586: PHP is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.