ALT Linux Team

Branch sisyphus update on 2018-09-20

2018-09-20

ALT-BU-2018-3471-3

Branch sisyphus update bulletin.

ALT-PU-2018-2346-1

Package f2fs-tools updated to version 1.11.0-alt1 for branch sisyphus in task 213041.

Closed bugs

Bug #34021

Обновить до 1.9

ALT-PU-2018-2348-1

Package LibreOffice updated to version 6.1.1.2-alt1 for branch sisyphus in task 213089.

Closed bugs

Bug #35135

New version 6.1.0.1

Bug #35171

[PATCH] mipsel support

ALT-PU-2018-2349-1

Package rpm updated to version 4.13.0.1-alt3 for branch sisyphus in task 213219.

Closed bugs

Bug #33190

Новый rpm разучился переводить описание пакета в текущую локаль

ALT-PU-2018-3695-2

Package lasso updated to version 2.6.0-alt1 for branch sisyphus in task 209228.

Closed vulnerabilities

Published: 2026-04-13
Modified: 2026-04-20

BDU:2026-05071

Уязвимость функции g_assert_not_reached() библиотеки Lasso, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2026-04-13
Modified: 2026-04-20

BDU:2026-05074

Уязвимость функции lasso_node_impl_init_from_xml() библиотеки Lasso, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-11-05
Modified: 2025-11-07

CVE-2025-46404

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-11-05
Modified: 2025-11-07

CVE-2025-46705

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-11-05
Modified: 2025-11-07

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-11-05
Modified: 2025-11-07

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top