ALT Linux Team

Branch p11 update on 2025-09-20

2025-09-20

ALT-BU-2025-11968-1

Branch p11 update bulletin.

ALT-PU-2025-10977-2

Package openssh updated to version 9.6p1-alt4 for branch p11 in task 393372.

Closed bugs

Bug #55694

Настройка OpenSSH доступа по Рутокен MFA

ALT-PU-2025-11098-2

Package altmediawriter updated to version 1.0.10-alt1 for branch p11 in task 389274.

Closed bugs

Bug #54127

Кнопка назад нажимается только с 3-го раза

ALT-PU-2025-11781-2

Package dcmtk updated to version 3.6.9-alt3 for branch p11 in task 394962.

Closed vulnerabilities

Published: 2025-08-31
Modified: 2025-09-05

CVE-2025-9732

A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue.

Severity: MEDIUM (4.3) Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (4.8) Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:

ALT-PU-2025-11799-2

Package firebird updated to version 4.0.6-alt1 for branch p11 in task 394986.

Closed vulnerabilities

Published: 2025-08-15

BDU:2025-11068

Уязвимость функции xdr_trrq_message модуля protocol.cpp системы управления базами данных «Ред База Данных», позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2025-08-15
Modified: 2025-08-22

CVE-2025-54989

Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

Closed bugs

Bug #55658

Для firebird требуется зависимость libicu

Bug #55673

Некорректная настройка fbintl по умолчанию в firebird

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top