ALT-BU-2025-13488-1
Branch p11 update bulletin.
Package vokoscreenNG updated to version 4.7.0-alt2 for branch p11 in task 396079.
Closed bugs
Вылет программы после нажатия кнопки "Воспроизвести"
Package postgresql16-repmgr updated to version 5.5.0-alt4 for branch p11 in task 397434.
Closed bugs
Ошибка 'Unit file does not exist' при установке/обновлении пакета
Package postgresql13-repmgr updated to version 5.5.0-alt4 for branch p11 in task 397434.
Closed bugs
Ошибка 'Unit file does not exist' при установке/обновлении пакета
Package postgresql17-repmgr updated to version 5.5.0-alt4 for branch p11 in task 397434.
Closed bugs
Ошибка 'Unit file does not exist' при установке/обновлении пакета
Package postgresql15-repmgr updated to version 5.5.0-alt4 for branch p11 in task 397434.
Closed bugs
Ошибка 'Unit file does not exist' при установке/обновлении пакета
Package postgresql14-repmgr updated to version 5.5.0-alt4 for branch p11 in task 397434.
Closed bugs
Ошибка 'Unit file does not exist' при установке/обновлении пакета
Package ansible-core updated to version 2.19.3-alt1 for branch p11 in task 393412.
Closed bugs
ansible-core: ошибка при вызове модуля package_facts
Closed bugs
interface 'kde_output_device_v2' has no event 27
Package branding-simply-linux updated to version 11.0.900-alt1 for branch p11 in task 397789.
Closed bugs
branding-simply-linux: system-logo.png является симлинком
Closed vulnerabilities
Modified: 2025-11-06
CVE-2025-11411
NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect.