ALT-BU-2025-16243-1
Branch sisyphus_loongarch64 update bulletin.
Package cherrytree updated to version 1.6.2-alt1 for branch sisyphus_loongarch64.
Closed bugs
Некорректный флаг России в меню выбора языка приложения
Package ca-certificates-digital.gov.ru updated to version 1.3-alt1 for branch sisyphus_loongarch64.
Closed bugs
Минцифры обновила сертификаты в ноябре 2025 г
Package rsync updated to version 3.2.7-alt4 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2025-14729
Уязвимость функции f_name() утилиты для передачи и синхронизации файлов Rsync, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-11-19
CVE-2025-10158
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Closed bugs
Собран без поддержки IPv6
Собрать с поддержкой SIMD-roll
Package php8.1 updated to version 8.1.34-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-12-29
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
Modified: 2025-12-29
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
Modified: 2025-12-29
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.