ALT-BU-2025-8539-1
Branch sisyphus update bulletin.
Package traceroute updated to version 2.1.3-alt1 for branch sisyphus in task 383497.
Closed vulnerabilities
BDU:2023-07542
Уязвимость утилиты buc Traceroute, связанная с неправильной обработкой строк кода, позволяющая нарушителю выполнить произвольный код
Modified: 2024-11-21
CVE-2023-46316
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
- http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html
- https://security-tracker.debian.org/tracker/CVE-2023-46316
- https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
- http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html
- https://security-tracker.debian.org/tracker/CVE-2023-46316
- https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/
Closed bugs
devel-файлы в не-devel пакете
Package appstream-data-desktop updated to version 20250624-alt1 for branch sisyphus in task 388128.
Closed bugs
Remmina после установки недееспособна
Package docs-alt-education updated to version 11.0-alt2 for branch sisyphus in task 388189.
Closed bugs
Неверное согласование числа в примечании о гибернации
Несоответствие названий пунктов "Переключить пользователя" и "Смена пользователя"
Неверный апплет звука в списке системного лотка
Пропущена точка с запятой в списке возможностей групповых политик
Лишняя точка в предложении 48.2. Настройка в ЦУС
Closed bugs
curl 8.14.1: не работает параметр --ftp-pasv
Closed vulnerabilities
Modified: 2025-07-23
CVE-2025-47268
ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
Modified: 2025-08-26
CVE-2025-48964
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
- https://bugzilla.suse.com/show_bug.cgi?id=1243772
- https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
- https://github.com/iputils/iputils/issues
- https://github.com/iputils/iputils/releases/tag/20250602
- https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9