ALT Linux Team

Branch p11 update on 2025-08-29

2025-08-29

ALT-BU-2025-11025-2

Branch p11 update bulletin.

ALT-PU-2025-10850-3

Package chromium updated to version 139.0.7258.138-alt0.p11.1 for branch p11 in task 392851.

Closed vulnerabilities

Published: 2025-08-06
Modified: 2026-03-04

BDU:2025-09421

Уязвимость интерфейса MediaStream браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-08-07
Modified: 2026-03-04

BDU:2025-09454

Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю реализовать спуфинг-атаку или вызвать отказ в обслуживании

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2025-08-07
Modified: 2026-03-04

BDU:2025-09455

Уязвимость элемента управления Разрешения (Permissions) браузера Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-08-07
Modified: 2026-03-04

BDU:2025-09456

Уязвимость компонента Extensions (Расширения) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-08-07
Modified: 2026-03-04

BDU:2025-09463

Уязвимость компонента Cast (Трансляция) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2025-08-07
Modified: 2026-03-04

BDU:2025-09475

Уязвимость интерфейса chrome.fileSystem браузера Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-08-18
Modified: 2026-03-04

BDU:2025-09932

Уязвимость браузера Google Chrome, связанная с ошибками реализации проверки безопасности для стандартных элементов, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: HIGH (8.1)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Severity: CRITICAL (9.4)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
References:
Published: 2025-08-18
Modified: 2026-03-04

BDU:2025-09933

Уязвимость браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2025-08-18
Modified: 2026-03-04

BDU:2025-09934

Уязвимость браузера Google Chrome, связанная с ошибками реализации проверки безопасности для стандартных элементов, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-08-22
Modified: 2026-03-04

BDU:2025-10156

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-08-22
Modified: 2026-03-04

BDU:2025-10157

Уязвимость функции free компонента Aura браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-08-22
Modified: 2026-03-04

BDU:2025-10158

Уязвимость компонента File Picker браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2025-08-22
Modified: 2026-03-04

BDU:2025-10159

Уязвимость библиотеки libaom браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-08-22
Modified: 2026-03-04

BDU:2025-10160

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-09-15
Modified: 2026-03-04

BDU:2025-11093

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2026-01-12
Modified: 2026-01-20

BDU:2026-00271

Уязвимость браузера Google Chrome, связанная с некорректной защитой физических сторонних каналов, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.7)Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-12-03
Modified: 2025-12-05

CVE-2025-13992

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.7)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
References:
Published: 2025-07-30
Modified: 2025-08-01

CVE-2025-8292

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-07
Modified: 2025-11-13

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-07
Modified: 2025-08-08

CVE-2025-8577

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-08-07
Modified: 2025-11-13

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-07
Modified: 2025-08-08

CVE-2025-8579

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-08-07
Modified: 2025-08-08

CVE-2025-8580

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-08-07
Modified: 2025-08-08

CVE-2025-8581

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References:
Published: 2025-08-07
Modified: 2025-11-13

CVE-2025-8582

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-08-07
Modified: 2025-08-08

CVE-2025-8583

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-08-13
Modified: 2025-09-26

CVE-2025-8879

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-13
Modified: 2025-08-14

CVE-2025-8880

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-13
Modified: 2025-08-14

CVE-2025-8881

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2025-08-13
Modified: 2026-02-26

CVE-2025-8882

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-13
Modified: 2025-09-26

CVE-2025-8901

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-08-20
Modified: 2025-08-21

CVE-2025-9132

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:

ALT-PU-2025-11008-2

Package systray-x updated to version 0.9.11-alt5 for branch p11 in task 393410.

Closed bugs

Bug #55745

systray-x несовместимо с thunderbird

VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top