ALT-BU-2025-8850-1
Branch sisyphus_loongarch64 update bulletin.
Package z3 updated to version 4.15.2-alt2 for branch sisyphus_loongarch64.
Closed bugs
z3.z3types.Z3Exception: libz3.so not found
Package thunderbird updated to version 139.0.2-alt0.port for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-11-03
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
Package kmymoney updated to version 5.2.0-alt1 for branch sisyphus_loongarch64.
Closed bugs
Собрать с KF6
Package xone updated to version 0.3.4-alt1 for branch sisyphus_loongarch64.
Closed bugs
Некорректная работа драйвера донгла microsoft для беспроводных устройств XBox (пакет xone)
DKMS xone для ядра 6.15
Package frr updated to version 10.2.2-alt3 for branch sisyphus_loongarch64.
Closed bugs
frrinit.sh: can't open logfile /var/log/frr/frr.log
Package librum-reader updated to version 0.12.2-alt4 for branch sisyphus_loongarch64.
Closed bugs
После установки из репозитория приложение не запускается
Package amnezia-vpn updated to version 4.8.7.2-alt1 for branch sisyphus_loongarch64.
Closed bugs
Не собирается с Qt 6.9
Package kernel-image-6.12 updated to version 6.12.35-alt1.port.la64 for branch sisyphus_loongarch64.
Closed bugs
Отсутствует модуль для поддержки mt7925
Package re2c updated to version 4.2-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-23901
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.
Package sudo updated to version 1.9.16p2-alt3 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-11-03
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
- https://access.redhat.com/security/cve/cve-2025-32462
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462
- https://explore.alas.aws.amazon.com/CVE-2025-32462.html
- https://lists.debian.org/debian-security-announce/2025/msg00118.html
- https://security-tracker.debian.org/tracker/CVE-2025-32462
- https://ubuntu.com/security/notices/USN-7604-1
- https://www.openwall.com/lists/oss-security/2025/06/30/2
- https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
- https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
- https://www.sudo.ws/releases/changelog/
- https://www.sudo.ws/security/advisories/
- https://www.sudo.ws/security/advisories/host_any/
- https://www.suse.com/security/cve/CVE-2025-32462.html
- https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html
Modified: 2025-11-05
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
- https://access.redhat.com/security/cve/cve-2025-32463
- https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
- https://explore.alas.aws.amazon.com/CVE-2025-32463.html
- https://security-tracker.debian.org/tracker/CVE-2025-32463
- https://ubuntu.com/security/notices/USN-7604-1
- https://www.openwall.com/lists/oss-security/2025/06/30/3
- https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
- https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
- https://www.sudo.ws/releases/changelog/
- https://www.sudo.ws/security/advisories/
- https://www.sudo.ws/security/advisories/chroot_bug/
- https://www.suse.com/security/cve/CVE-2025-32463.html
- https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/
- https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability
- https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability
- https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463
Closed bugs
Package quick-usb-formatter updated to version 0.6-alt25 for branch sisyphus_loongarch64.
Closed bugs
Не работает форматирование USB.