ALT-BU-2025-8507-1
Branch sisyphus_loongarch64 update bulletin.
Package kubernetes1.33 updated to version 1.33.2-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-06-23
CVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.
Package kubernetes1.32 updated to version 1.32.6-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-06-23
CVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.
Package ocrdesktop updated to version 4.0-alt3 for branch sisyphus_loongarch64.
Closed bugs
ocrdesktop - не запускается на Wayland
Package docs-alt-virtualization-pve updated to version 11.0-alt2 for branch sisyphus_loongarch64.
Closed bugs
Неизвестная опция --iso в pvesm list