ALT Linux Team

Branch p11 update on 2025-06-25

2025-06-25

ALT-BU-2025-8488-1

Branch p11 update bulletin.

ALT-PU-2025-6930-3

Package alt-gaming updated to version 0.0.8-alt1 for branch p11 in task 384485.

Closed bugs

Bug #53908

alt-gaming-alive-timeout doesn't work

ALT-PU-2025-7807-3

Package curl updated to version 8.14.1-alt1 for branch p11 in task 386330.

Closed vulnerabilities

Published: 2025-06-07
Modified: 2025-07-30

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-8113-2

Package yelp updated to version 42.3-alt1 for branch p11 in task 387279.

Closed vulnerabilities

Published: 2024-12-25

BDU:2025-03944

Уязвимость справочной системы Yelp, связанная с включением функций из недостоверной контролируемой области при обработке документов с использованием схемы ghelp, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2025-04-03
Modified: 2025-08-12

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
References:

ALT-PU-2025-8115-2

Package yelp-xsl updated to version 42.4-alt1 for branch p11 in task 387279.

Closed vulnerabilities

Published: 2024-12-25

BDU:2025-03944

Уязвимость справочной системы Yelp, связанная с включением функций из недостоверной контролируемой области при обработке документов с использованием схемы ghelp, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации и выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
References:
Published: 2025-04-03
Modified: 2025-08-12

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
References:

ALT-PU-2025-8163-2

Package radare2 updated to version 5.9.8-alt1 for branch p11 in task 387396.

Closed vulnerabilities

Published: 2024-10-30
Modified: 2025-06-13

CVE-2024-48241

An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-8167-2

Package cjson updated to version 1.7.18-alt1 for branch p11 in task 387409.

Closed vulnerabilities

Published: 2023-12-04

BDU:2024-01768

Уязвимость функции cJSON_InsertItemInArray библиотеки для обработки JSON файлов на языке С JSON-C, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2023-12-14
Modified: 2025-07-22

CVE-2023-50471

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-12-14
Modified: 2025-07-22

CVE-2023-50472

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-05-23
Modified: 2025-06-16

CVE-2023-53154

parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-8293-2

Package kernel-image-rt updated to version 6.12.34-alt1 for branch p11 in task 387627.

Closed bugs

Bug #54848

Отсутствует модуль для поддержки mt7925

ALT-PU-2025-8297-2

Package kernel-image-6.12 updated to version 6.12.34-alt1 for branch p11 in task 387626.

Closed bugs

Bug #54848

Отсутствует модуль для поддержки mt7925

ALT-PU-2025-8375-2

Package kde-theme-alt updated to version 0.4.1-alt1 for branch p11 in task 387904.

Closed bugs

Bug #54868

Не видны всплывающие подсказки у инструментов/виджетов в системном лотке KDE

ALT-PU-2025-8381-2

Package kumir2 updated to version 2.1.0-alt12.git330a5532 for branch p11 in task 387910.

Closed bugs

Bug #45176

Ошибка сегментирования при запуске $ kumir2-classic

ALT-PU-2025-8426-2

Package kweather updated to version 25.04.2-alt1 for branch p11 in task 384958.

Closed bugs

Bug #53914

Ошибка при выборе местоположения

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top