Branch p11 update bulletin.

Package valgrind updated to version 3.24.0-alt2 for branch p11 in task 377657.

Valgrind incompatibility with binutils-2.42 on x86 with new nop patterns (unhandled instruction bytes: 0x2E 0x8D 0x74 0x26)

Package vtk updated to version 9.4.1-alt3 for branch p11 in task 379430.

проблемы упаковки

Ненужные сборочные зависимости

Package libpeas2 updated to version 2.0.7-alt1.1 for branch p11 in task 380897.

[libpeas2] Включить поддержку Vala

Package chromium updated to version 135.0.7049.114-alt0.p11.1 for branch p11 in task 381796.

Published: 2025-04-01

BDU:2025-03989

Уязвимость компонента Custom Tabs браузера Google Chrome, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2025-3067

Published: 2025-04-01

BDU:2025-04006

Уязвимость браузера Google Chrome, связанная с использованием памяти после освобождения, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2025-3066

Published: 2025-04-01

BDU:2025-04007

Уязвимость браузера Google Chrome, связанная с ошибками реализации проверки безопасности для стандартных элементов, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2025-3068

Published: 2025-04-01

BDU:2025-04008

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2025-3069

Published: 2025-04-01

BDU:2025-04661

Уязвимость компонента Downloads браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CVE-2025-3074

Published: 2025-04-01

BDU:2025-04663

Уязвимость реализации функции Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CVE-2025-3073

Published: 2025-04-01

BDU:2025-04665

Уязвимость компонента Custom Tabs браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CVE-2025-3072

Published: 2025-04-01

BDU:2025-04666

Уязвимость компонента Navigations браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CVE-2025-3071

Published: 2025-04-01

BDU:2025-04668

Уязвимость компонента Extensions браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2025-3070

Published: 2025-04-15

BDU:2025-04921

Уязвимость интерфейса для подключения периферийных устройств USB браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2025-3620

Published: 2025-04-02
Modified: 2025-04-08

CVE-2025-3066

Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References:

Published: 2025-04-02
Modified: 2025-04-08

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)

References:

Published: 2025-04-02
Modified: 2025-04-07

CVE-2025-3068

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

References:

Published: 2025-04-02
Modified: 2025-04-07

CVE-2025-3069

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

References:

Published: 2025-04-02
Modified: 2025-04-07

CVE-2025-3070

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

References:

Published: 2025-04-02
Modified: 2025-04-21

CVE-2025-3071

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

References:

Published: 2025-04-02
Modified: 2025-04-21

CVE-2025-3072

Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

References:

Published: 2025-04-02
Modified: 2025-04-21

CVE-2025-3073

Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

References:

Published: 2025-04-02
Modified: 2025-04-21

CVE-2025-3074

Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

References:

Published: 2025-04-17
Modified: 2025-04-23

CVE-2025-3619

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

References:

Published: 2025-04-17
Modified: 2025-04-23

CVE-2025-3620

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References:

Package nvidia-cuda-toolkit updated to version 12.8.1-alt1 for branch p11 in task 383220.

Обновить до 12.8 или выше

Version 12.8.1

Package alvr updated to version 20.13.0-alt2 for branch p11 in task 383220.

Критическая ошибка запуска SteamVR через ALVR при подключении VR-шлема (Alt Education)

Package freecad updated to version 1.0.0-alt4 for branch p11 in task 379430.

FreeCAD 1.0.0 не работает с модулями

Ошибка при экспорте в форматы OpenSCAD Format, OpenSCAD CSG Format

Ошибка при выборе верстака OpenSCAD

Version: 2.1.1

ALT-BU-2025-6634-1

Closed bugs

Closed bugs

Closed bugs

Closed vulnerabilities

Closed bugs

Closed bugs

Closed bugs