ALT-BU-2025-7604-1
Branch sisyphus update bulletin.
Package LibreOffice updated to version 25.2.3.2-alt1 for branch sisyphus in task 385136.
Closed vulnerabilities
BDU:2025-05910
Vulnerability in the LibreOffice office suite related to improper verification of a cryptographic signature, allowing an attacker to forge digital signatures
Modified: 2025-07-03
CVE-2025-2866
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid. This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.
Closed bugs
Hide the launcher icon
Package python3-module-setuptools_rust updated to version 1.11.1-alt2 for branch sisyphus in task 385716.
Closed bugs
missing dependency on rust toolchain
Closed vulnerabilities
BDU:2024-07431
Vulnerability in the HashiCorp Vault and Vault Enterprise corporate information archiving platforms related to the insertion of sensitive information into a log file, allowing an attacker to gain access to confidential information
Modified: 2024-09-04
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
Closed vulnerabilities
Modified: 2025-04-01
CVE-2025-2588
A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Package gst-plugins-base1.0 updated to version 1.26.2-alt1 for branch sisyphus in task 385715.
Closed vulnerabilities
Modified: 2025-08-12
CVE-2025-47806
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
Modified: 2025-08-12
CVE-2025-47807
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
Package gst-plugins-good1.0 updated to version 1.26.2-alt1 for branch sisyphus in task 385715.
Closed vulnerabilities
Modified: 2025-08-12
CVE-2025-47183
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
Modified: 2025-08-12
CVE-2025-47219
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
Closed bugs
The additionally required utility opj_decompress is named opj2_decompress in the repository