ALT-BU-2025-16091-1
Branch sisyphus_loongarch64 update bulletin.
Package nextcloud-client updated to version 4.0.4-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-12-09
CVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This vulnerability is fixed in 3.16.5.
Closed bugs
Собрать свежую версию Nextcloud-client и зависимые пакеты для gnome
Package xpdf updated to version 4.06-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2025-11543
Уязвимость компонента DCTStream программного обеспечения для просмотра PDF Xpdf, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-13375
Уязвимость функции PostScript программного обеспечения для просмотра PDF-файлов Xpdf, позволяющая нарушителю выполнить произвольный код
Modified: 2025-01-29
CVE-2024-2971
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
Modified: 2025-01-29
CVE-2024-3247
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
Modified: 2025-01-29
CVE-2024-3248
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
Modified: 2025-01-29
CVE-2024-3900
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
Modified: 2025-01-29
CVE-2024-4141
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
Modified: 2025-01-29
CVE-2024-4568
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
Modified: 2025-01-29
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
Modified: 2024-08-20
CVE-2024-7866
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
Modified: 2024-08-28
CVE-2024-7867
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
Modified: 2025-10-06
CVE-2024-7868
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
Modified: 2025-10-21
CVE-2025-11896
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
Modified: 2025-10-06
CVE-2025-2574
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
Modified: 2025-04-07
CVE-2025-3154
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
Package linstor updated to version 1.33.0-alt2 for branch sisyphus_loongarch64.
Closed bugs
Ошибка 'JAVA_HOME is not set' при установке пакета linstor-controller