ALT-BU-2025-4724-1
Branch sisyphus_loongarch64 update bulletin.
Package lynx updated to version 2.9.2-alt2.rel.0 for branch sisyphus_loongarch64.
Closed bugs
lynx incorrectly displays Russian-language labels on the settings screen
Package lightdm-kde-greeter updated to version 6.0.2-alt5 for branch sisyphus_loongarch64.
Closed bugs
Fails to load on ARM64
The login and password being entered are not visible on the login screen
Package chromium updated to version 134.0.6998.165-alt0.port for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-04-01
CVE-2025-2476
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Package istioctl updated to version 1.25.0-alt2 for branch sisyphus_loongarch64.
Closed bugs
The 'istioctl version' command shows an incorrect version
Package jetty updated to version 9.4.57-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-10117
Vulnerability in the HttpURI class of the Eclipse Jetty servlet container that allows an attacker to perform an SSRF attack
Modified: 2025-03-07
CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However, the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically, HttpURI and the browser may differ on the value of the host extracted from an invalid URI, and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to an SSRF attack if the URI is used after passing validation checks.