Branch p11 update bulletin.

Package openfortivpn updated to version 1.22.1-alt1 for branch p11 in task 368541.

shell error on ip show route

Package parole updated to version 4.18.2-alt1 for branch p11 in task 368590.

Не работает функция "Сохранить список воспроизведения" в parole.

Не работает ползунок громкости

Не применяются настройки в Parole

Package firefox-esr updated to version 128.6.0-alt1 for branch p11 in task 369303.

Published: 2025-01-07

BDU:2025-00154

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с использованием памяти после ее освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2025-01-07

BDU:2025-00156

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0237

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0241

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0242

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

References:

Published: 2025-01-07
Modified: 2025-04-03

CVE-2025-0243

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

References:

Package dnsmasq updated to version 2.90-alt3 for branch p11 in task 369414.

Необходимо собрать с dbus для работы SDN выдачи ip адресов для контейнеров и виртуальных машин

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla

Version: 2.1.0