ALT-BU-2025-11811-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2025-03638
Vulnerability in the Go programming language related to improper validation of the syntactic correctness of input, allowing an attacker to cause a denial of service
Modified: 2025-05-01
CVE-2025-22868
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Closed bugs
A dependency on libayatana-appindicator3-1 is needed
Closed vulnerabilities
Modified: 2025-09-05
CVE-2025-9732
A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.
Package prometheus-podman-exporter updated to version 1.18.1-alt1.1 for branch sisyphus in task 394956.
Closed vulnerabilities
Modified: 2025-08-29
CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.
Closed vulnerabilities
BDU:2025-11068
Vulnerability in the xdr_trrq_message function of the protocol.cpp module of the "Ред База Данных" (Red Database) database management system, allowing an attacker to cause a denial of service
Modified: 2025-08-22
CVE-2025-54989
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.
Closed bugs
firebird requires the libicu dependency
Incorrect default fbintl configuration in firebird
Package make-initrd updated to version 2.55.1-alt2 for branch sisyphus in task 394981.
Closed bugs
make-initrd: message at boot about being unable to redirect to /dev/null
Package cpufreq-simple updated to version 1.0.0-alt1 for branch sisyphus in task 394987.
Closed bugs
CPU frequency management does not start at boot on simply and ws p11