ALT Linux Team

Branch sisyphus update on 2025-10-07

2025-10-07

ALT-BU-2025-12721-1

Branch sisyphus update bulletin.

ALT-PU-2025-12050-2

Package openssh updated to version 9.6p1-alt5 for branch sisyphus in task 395563.

Closed vulnerabilities

Published: 2025-04-09

BDU:2025-04768

Уязвимость службы sshd средства криптографической защиты OpenSSH, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2025-04-10
Modified: 2025-05-22

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Severity: LOW (3.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
References:

Closed bugs

Bug #55742

ssh не подключается к некоторым серверам

ALT-PU-2025-12675-1

Package firsttime-flatpak-mask-openh264 updated to version 0.2.1-alt1 for branch sisyphus in task 396524.

Closed bugs

Bug #56250

Не выполняется скриптом 90-firsttime.sh

ALT-PU-2025-12679-2

Package prometheus-podman-exporter updated to version 1.19.0-alt1 for branch sisyphus in task 396534.

Closed vulnerabilities

Published: 2025-09-18

BDU:2025-11595

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2025-08-12

BDU:2025-11599

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-09-18
Modified: 2025-09-19

CVE-2025-47906

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References:
Published: 2025-09-22
Modified: 2025-09-24

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References:

ALT-PU-2025-12695-1

Package yt-dlp updated to version 2025.09.26-alt1 for branch sisyphus in task 396567.

Closed bugs

Bug #56272

Прошу обновить пакет yt-dlp до версии 2025.09.26

ALT-PU-2025-12709-1

Package kernel-image-6.12 updated to version 6.12.51-alt1 for branch sisyphus in task 396555.

Closed bugs

Bug #54887

Включить CONFIG_HID_UNIVERSAL_PIDFF

ALT-PU-2025-12711-1

Package kernel-image-rt updated to version 6.12.51-alt1 for branch sisyphus in task 396556.

Closed bugs

Bug #54887

Включить CONFIG_HID_UNIVERSAL_PIDFF

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top