ALT Linux Team

Branch sisyphus_loongarch64 update on 2025-10-06

2025-10-06

ALT-BU-2025-12748-1

Branch sisyphus_loongarch64 update bulletin.

ALT-PU-2025-12744-1

Package firsttime-flatpak-mask-openh264 updated to version 0.2.1-alt1 for branch sisyphus_loongarch64.

Closed bugs

Bug #56250

Не выполняется скриптом 90-firsttime.sh

ALT-PU-2025-12746-1

Package openssh updated to version 9.6p1-alt5 for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2025-04-09

BDU:2025-04768

Уязвимость службы sshd средства криптографической защиты OpenSSH, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2025-04-10
Modified: 2025-05-22

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Severity: LOW (3.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
References:

Closed bugs

Bug #55742

ssh не подключается к некоторым серверам

ALT-PU-2025-12747-1

Package prometheus-podman-exporter updated to version 1.19.0-alt1 for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2025-09-18

BDU:2025-11595

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM (6.4) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
References:
Published: 2025-08-12

BDU:2025-11599

Уязвимость языка программирования Go, связанная с неправильной проверкой входных данных, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
Published: 2025-09-18
Modified: 2025-09-19

CVE-2025-47906

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
References:
Published: 2025-09-22
Modified: 2025-09-24

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top