ALT-BU-2025-15422-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-12-02
BDU:2025-13926
Vulnerability in the HTTP2 handler of the Apache Tomcat application server that allows an attacker to cause a denial of service
Modified: 2025-11-14
CVE-2025-61795
Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.
Closed vulnerabilities
Modified: 2025-12-04
CVE-2025-13630
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-12-04
CVE-2025-13631
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
Modified: 2025-12-04
CVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
Modified: 2025-12-04
CVE-2025-13633
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-12-04
CVE-2025-13634
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-12-04
CVE-2025-13635
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-12-04
CVE-2025-13636
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Modified: 2025-12-04
CVE-2025-13637
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-12-04
CVE-2025-13638
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-12-08
CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-12-04
CVE-2025-13640
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
Modified: 2025-12-04
CVE-2025-13720
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-12-04
CVE-2025-13721
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Package wine-cpcsp_proxy updated to version 0.7.7-alt1 for branch sisyphus in task 401893.
Closed bugs
wine-cpcsp_proxy: wow64 support
Package gnome-software updated to version 49.2-alt1.1 for branch sisyphus in task 401902.
Closed bugs
The application manager reports: While opening repository /home/asa/.local/share/flatpak/repo: opening repo: No system installations found
Package alterator-l10n updated to version 2.9.175-alt1 for branch sisyphus in task 401905.
Closed bugs
The time zone list contains incorrectly translated locations and duplicates
Package alterator-update-kernel updated to version 1.6-alt1 for branch sisyphus in task 401906.
Closed bugs
After a VirtualBox update, Alterator does not update kernel-modules-virtualbox; VMs do not start
Package gnome-software updated to version 49.2-alt1.2 for branch sisyphus in task 401925.
Closed bugs
GNOME Software incorrectly marks the main repositories as "third party"