ALT-BU-2025-6636-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2025-04-17
CVE-2025-2291
Password can be used past expiry in PgBouncer because auth_query does not take into account the Postgres VALID UNTIL value, which allows an attacker to log in with an already expired password.
Package alterator-wizardface updated to version 2.3-alt2 for branch sisyphus in task 383489.
Closed bugs
Remove the alterator-wizardface-usermode subpackage
Package python3-module-imageio updated to version 2.37.0-alt2 for branch sisyphus in task 383649.
Closed bugs
Suspicious dependencies
Closed vulnerabilities
Modified: 2025-05-27
CVE-2025-46802
For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.
Modified: 2025-05-27
CVE-2025-46804
A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0.
CVE-2025-46805
Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing SIGHUP and SIGCONT signals to be sent to privileged processes when installed setuid-root.
Package open-vm-tools updated to version 12.5.2-alt1 for branch sisyphus in task 384012.
Closed vulnerabilities
Modified: 2025-05-14
CVE-2025-22247
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM.
Package libgweather4.0 updated to version 4.4.4-alt2 for branch sisyphus in task 384014.
Closed bugs
Update of Russian Federation locations