Branch p11 update bulletin.

Package u-boot-rockchip updated to version 2025.10-alt1 for branch p11 in task 397455.

Поддержка Powkiddy x35s

Package xkeyboard-config updated to version 2.45-alt3 for branch p11 in task 397499.

xkeyboard-config: new version

Ошибки обновлении с версии xkeyboard-config-1:2.42-alt1 до xkeyboard-config-1:2.45-alt2

Package firefox-esr updated to version 140.5.0-alt1 for branch p11 in task 400131.

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13012

Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13014

Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13015

Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Firefox ESR < 115.30, Thunderbird < 145, and Thunderbird < 140.5.

Severity: LOW (3.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

References:

Published: 2025-11-11
Modified: 2025-11-25

CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13017

Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13018

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13019

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2025-11-11
Modified: 2025-11-19

CVE-2025-13020

Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Не предоставляет x-www-browser

Package admc updated to version 0.22.3-alt1 for branch p11 in task 394041.

Сбой программы Kleopatra после действия "Заверить"

Нельзя установить значение 0 для атрибута lockoutTime

Кнопка ОК доступна, если в поле "Имя для входа (до Windows 2000)" установлен пробел (окна создания объектов)

Опечатка в вопросе в окне подтверждения сброса учетной записи

Опечатка в окне ошибки при добавлении телефонных номеров

Нельзя изменить параметры на вкладке Безопасность без помощи мыши

Диалоговые окна при старте не являются модальными

В ADMC нет индикации отключенных компьютеров

Package open-vm-tools updated to version 13.0.5-alt1 for branch p11 in task 400436.

Published: 2025-05-19
Modified: 2025-11-26

BDU:2025-05681

Уязвимость набора утилит VMware Tools, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Severity: MEDIUM (5.2) Vector: AV:L/AC:L/Au:S/C:P/I:C/A:N

References:

Published: 2025-10-01
Modified: 2025-12-26

BDU:2025-12421

Уязвимость функции Service Discovery Management Pack (SDMP) инструмента мониторинга виртуальной инфраструктуры VMware Aria Operations и набора утилит VMware Tools, позволяющая нарушителю повысить свои привилегии до уровня root

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

References:

Published: 2025-05-12
Modified: 2025-11-18

CVE-2025-22247

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

References:

Published: 2025-09-29
Modified: 2025-11-06

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Package alt-mirror-switcher updated to version 0.4.4-alt1 for branch p11 in task 400380.

Добавляется не верный репозиторий, если система была обновлена p11 -> Sisyphus

Package gnome-software updated to version 49.1-alt1 for branch p11 in task 400490.

gnome-software: Убрать зависимость на fwupd

Package token-manager updated to version 5.3-alt1 for branch p11 in task 400513.

No data currently available.

Package mongoose updated to version 7.20-alt1 for branch p11 in task 400576.

Published: 2025-09-29
Modified: 2025-10-16

CVE-2025-51495

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package jsoup updated to version 1.14.3-alt1_7jpp11 for branch p11 in task 400629.

Published: 2023-09-08
Modified: 2024-03-21

BDU:2023-05361

Уязвимость Java-библиотеки анализа, извлечения и управления данными в документах HTML jsoup, связанная с недостатками в обработке исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2021-37714

Published: 2021-08-18
Modified: 2024-11-21

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.2

ALT-BU-2025-14890-1

Closed bugs

Closed bugs

Closed vulnerabilities

Closed bugs

Closed bugs

Closed vulnerabilities

Closed bugs

Closed bugs

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities