ALT-BU-2025-15448-1
Branch sisyphus_riscv64 update bulletin.
Package gnome-software updated to version 49.2-alt1.2 for branch sisyphus_riscv64.
Closed bugs
GNOME Software неправильно помечает основной репозитории как "третьи лица"
Менеджер приложений сообщает While opening repository /home/asa/.local/share/flatpak/repo: opening repo: No system installations found
Package alterator-l10n updated to version 2.9.175-alt1 for branch sisyphus_riscv64.
Closed bugs
В списке часовых поясов присутствуют некорректно переведенные локации и дубликаты
Package alterator-update-kernel updated to version 1.6-alt1 for branch sisyphus_riscv64.
Closed bugs
После обновления VirtualBox Альтератор не обновляет kernel-modules-virtualbox, VM не стартуют
Package byedpi updated to version 0.17.3-alt1 for branch sisyphus_riscv64.
Closed bugs
Обновление byedpi
Package quickshell updated to version 0.2.1-alt2 for branch sisyphus_riscv64.
Closed bugs
Зависимости на qt6-declarative и qt6-wayland
Package apache2 updated to version 2.4.66-alt1 for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-12-10
CVE-2025-55753
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Modified: 2025-12-08
CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Modified: 2025-12-10
CVE-2025-59775
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Modified: 2025-12-10
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
Modified: 2025-12-10
CVE-2025-66200
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Closed bugs
[FR] Предлагается изменить дефолтное содержимое конфигурационного файла /etc/httpd2/conf/sites-available/default_https.conf