OpenSSH security flaw fixed   

Posted on July 15, 2024 by Filip Komar

OpenSSH is a set of free software tools enabling secure communications over a computer network using the SSH protocol.

In particular, this tool enables remote server administration.

Recently, researchers demonstrated that under very specific conditions, when establishing a connection using the SSH protocol, a malicious operator could establish the connection without having the necessary rights. This is due to a desynchronization of controls during connection establishment.

This security flaw could compromise the integrity of a server by a malicious third party.

Fortunately, we were able to count on our packaging and quality assurance teams to quickly take this correction into account and distribute it to users. The Mageia team showed as much responsiveness as larger teams such as Debian, Ubuntu or Fedora.

So don’t delay, and don’t forget to update as packages fixed for CVE-2024-6387 was published on 1st of July.

Our responsive teams are always on the lookout for support and manpower to ensure timely updates.

If you’d like to maintain a plurality of distributions and, above all, if you like Mageia for its community and warmth, come and reinforce our packaging, quality assurance and communication teams!

Together, let’s continue to make Mageia a responsive, high-quality, high-performance distribution for many years to come.

If you’d like to join one of our teams, please visit the Mageia contribution page.

Posted in Uncategorized | 1 Comment

Server failure

Posted on April 7, 2024 by papoteur


As you may have noticed, our servers are down. Investigations are underway. The wiki, build system, bug tracker and mirror list are offline. We’ll keep you informed of any developments here.

[Update Monday April 8 at 15:00] The servers have been restarted. This was due to an air-conditioning fault. The site, wiki, bug tracker and mirror list are back. We’re still updating the build system.

Posted in Uncategorized | Tagged , | 1 Comment

Multi Version Support for PHP in Mageia 9

Posted on April 3, 2024 by joselp

We are proud to announce the introduction of multi version support for php in mageia 9.

Now php 8.3 can be installed in parallel to the existing php 8.2 packages. Due to this, we also update the pecl packages as they would interfere with the process.
Please note, that the default configuration is used by both versions. In order to prevent warnings, all packages from php 8.2 have to be installed for php 8.3 too.

Update notice:
If you have installed php 8.2, and want to install the same packages, use

rpm -qa '*php*' --qf '%{name}\n'|sed 's/php/php8.3/'|\
xargs urpmi --auto

Remember that for the command to work you must have backports repositories enabled.

List of package that are available in 9/core/backports

apache-mod_php8.3-8.3.4-4.mga9
php-latest-8.3.4-4.mga9
php8.3-amqp-2.1.1-2.mga9
php8.3-apcu-5.1.23-5.mga9
php8.3-apcu-admin-5.1.23-5.mga9
php8.3-ast-1.1.1-2.mga9
php8.3-bcmath-8.3.4-4.mga9
php8.3-bitset-3.0.1-18.mga9
php8.3-bz2-8.3.4-4.mga9
php8.3-calendar-8.3.4-4.mga9
php8.3-cgi-8.3.4-4.mga9
php8.3-cli-8.3.4-4.mga9
php8.3-ctype-8.3.4-4.mga9
php8.3-curl-8.3.4-4.mga9
php8.3-dba-8.3.4-4.mga9
php8.3-dbase-7.0.1-13.mga9
php8.3-devel-8.3.4-4.mga9
php8.3-dio-0.2.1-8.mga9
php8.3-doc-8.3.4-4.mga9
php8.3-dom-8.3.4-4.mga9
php8.3-ds-1.5.0-2.mga9
php8.3-enchant-8.3.4-4.mga9
php8.3-event-3.1.0-2.mga9
php8.3-exif-8.3.4-4.mga9
php8.3-expect-0.4.0-10.mga9
php8.3-fileinfo-8.3.4-4.mga9
php8.3-filter-8.3.4-4.mga9
php8.3-fpm-8.3.4-4.mga9
php8.3-fpm-apache-8.3.4-4.mga9
php8.3-fpm-nginx-8.3.4-4.mga9
php8.3-ftp-8.3.4-4.mga9
php8.3-gd-8.3.4-4.mga9
php8.3-gender-1.1.0-21.mga9
php8.3-gettext-8.3.4-4.mga9
php8.3-gmagick-2.0.6-0.RC1.9.mga9
php8.3-gmp-8.3.4-4.mga9
php8.3-gnupg-1.5.1-8.mga9
php8.3-iconv-8.3.4-4.mga9
php8.3-igbinary-3.2.15-2.mga9
php8.3-imagick-3.7.0-10.mga9
php8.3-imap-8.3.4-4.mga9
php8.3-ini-8.3.4-4.mga9
php8.3-inotify-3.0.0-9.mga9
php8.3-intl-8.3.4-4.mga9
php8.3-jsmin-3.0.0-19.mga9
php8.3-ldap-8.3.4-4.mga9
php8.3-mailparse-3.1.6-3.mga9
php8.3-mbstring-8.3.4-4.mga9
php8.3-mcrypt-1.0.7-2.mga9
php8.3-memcached-3.2.0-6.mga9
php8.3-mongodb-1.17.2-2.mga9
php8.3-msgpack-2.2.0-4.mga9
php8.3-mysqli-8.3.4-4.mga9
php8.3-mysqlnd-8.3.4-4.mga9
php8.3-odbc-8.3.4-4.mga9
php8.3-opcache-8.3.4-4.mga9
php8.3-openssl-8.3.4-4.mga9
php8.3-pcntl-8.3.4-4.mga9
php8.3-pdo-8.3.4-4.mga9
php8.3-pdo_dblib-8.3.4-4.mga9
php8.3-pdo_firebird-8.3.4-4.mga9
php8.3-pdo_mysql-8.3.4-4.mga9
php8.3-pdo_odbc-8.3.4-4.mga9
php8.3-pdo_pgsql-8.3.4-4.mga9
php8.3-pdo_sqlite-8.3.4-4.mga9
php8.3-pear-1.10.14-3.mga9
php8.3-pgsql-8.3.4-4.mga9
php8.3-phar-8.3.4-4.mga9
php8.3-posix-8.3.4-4.mga9
php8.3-pspell-1.0.1-2.mga9
php8.3-raphf-2.0.1-9.mga9
php8.3-readline-8.3.4-4.mga9
php8.3-redis-6.0.2-2.mga9
php8.3-rrd-2.0.3-9.mga9
php8.3-session-8.3.4-4.mga9
php8.3-shmop-8.3.4-4.mga9
php8.3-snmp-8.3.4-4.mga9
php8.3-soap-8.3.4-4.mga9
php8.3-sockets-8.3.4-4.mga9
php8.3-sodium-8.3.4-4.mga9
php8.3-sqlite3-8.3.4-4.mga9
php8.3-ssh2-1.4-3.mga9
php8.3-sysvmsg-8.3.4-4.mga9
php8.3-sysvsem-8.3.4-4.mga9
php8.3-sysvshm-8.3.4-4.mga9
php8.3-tidy-8.3.4-4.mga9
php8.3-tokenizer-8.3.4-4.mga9
php8.3-translit-0.7.1-10.mga9
php8.3-uuid-1.2.0-10.mga9
php8.3-xattr-1.4.0-11.mga9
php8.3-xdebug-3.3.1-2.mga9
php8.3-xmlreader-8.3.4-4.mga9
php8.3-xmlwriter-8.3.4-4.mga9
php8.3-xsl-8.3.4-4.mga9
php8.3-yaml-2.2.3-3.mga9
php8.3-zip-8.3.4-4.mga9
php8.3-zlib-8.3.4-4.mga9
php8.3-zstd-0.13.1-2.mga9
phpdbg8.3-8.3.4-4.mga9

SRPMS:
php-8.3.4-4.mga9.src.rpm
php-amqp-2.1.1-2.mga9.src.rpm
php-apcu-5.1.23-5.mga9.src.rpm
php-ast-1.1.1-2.mga9.src.rpm
php-bitset-3.0.1-18.mga9.src.rpm
php-dbase-7.0.1-13.mga9.src.rpm
php-dio-0.2.1-8.mga9.src.rpm
php-ds-1.5.0-2.mga9.src.rpm
php-event-3.1.0-2.mga9.src.rpm
php-expect-0.4.0-10.mga9.src.rpm
php-gender-1.1.0-21.mga9.src.rpm
php-gmagick-2.0.6-0.RC1.9.mga9.src.rpm
php-gnupg-1.5.1-8.mga9.src.rpm
php-igbinary-3.2.15-2.mga9.src.rpm
php-imagick-3.7.0-10.mga9.src.rpm
php-inotify-3.0.0-9.mga9.src.rpm
php-jsmin-3.0.0-19.mga9.src.rpm
php-mailparse-3.1.6-3.mga9.src.rpm
php-mcrypt-1.0.7-2.mga9.src.rpm
php-memcached-3.2.0-6.mga9.src.rpm
php-mongodb-1.17.2-2.mga9.src.rpm
php-msgpack-2.2.0-4.mga9.src.rpm
php-pear-1.10.14-3.mga9.src.rpm
php-pspell-1.0.1-2.mga9.src.rpm
php-raphf-2.0.1-9.mga9.src.rpm
php-redis-6.0.2-2.mga9.src.rpm
php-rrd-2.0.3-9.mga9.src.rpm
php-ssh2-1.4-3.mga9.src.rpm
php-translit-0.7.1-10.mga9.src.rpm
php-uuid-1.2.0-10.mga9.src.rpm
php-xattr-1.4.0-11.mga9.src.rpm
php-xdebug-3.3.1-2.mga9.src.rpm
php-yaml-2.2.3-3.mga9.src.rpm
php-zstd-0.13.1-2.mga9.src.rpm

We will announce on backports-announce@ml.mageia.org when new backports are available for testing and when they be promoted to backports repository, We are still tuning the process and the format for the announces.

Let us know what you think.

P.S: Some corrections received were applied to the suggested command to install the php 8.3 packages from the php 8.2 packages installed on your system.

Posted in Uncategorized | 6 Comments

Problems with servers

Posted on April 3, 2024 by joselp

http://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia is not synchronized, and several of the servers use it as a source for synchronization.
We recommend setting up a custom server to urpmi or dnf .

Keep an eye on this article and the page https://mirrors.mageia.org/status.

Posted in Uncategorized | 1 Comment

About backdoor security alert for xz

Posted on March 30, 2024 by papoteur

You may have been alerted by the announcement that the xz software has been modified to introduce a backdoor (CVE-2024-3094).

This software is a file compression utility. It is widely used in Mageia, since RPM packages are compressed using this utility.

The alert concerns versions 5.6.0 and 5.6.1 of the software. Mageia does not use and has never used these versions. Mageia users therefore have no particular action to take.

Posted in Uncategorized | Tagged | Comments Off on About backdoor security alert for xz