ALT Linux Team

Branch p11 update on 2025-07-05

2025-07-05

ALT-BU-2025-8971-1

Branch p11 update bulletin.

ALT-PU-2025-6547-2

Package far2l updated to version 2.6.5-alt2 for branch p11 in task 383518.

Closed bugs

Bug #54201

Невозможно ввести название папки на русском языке

ALT-PU-2025-8111-2

Package audacity updated to version 3.7.4-alt1 for branch p11 in task 387271.

Closed bugs

Bug #48494

/usr/bin/audacity is huge

ALT-PU-2025-8482-2

Package xca updated to version 2.8.0-alt3 for branch p11 in task 387675.

Closed bugs

Bug #53745

не работает просмотр ГОСТ сертификатов

ALT-PU-2025-8573-3

Package qbittorrent updated to version 5.1.1-alt1 for branch p11 in task 388307.

Closed vulnerabilities

Published: 2024-11-14
Modified: 2025-03-05

BDU:2024-09433

Уязвимость кросс-платформенный BitTorrent клиента qBittorrent, связанная с неправильным подтверждением подлинности сертификата SSL/TLS, позволяющая нарушителю выполнить атаку типа "человек посередине"

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.6) Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
Published: 2024-11-02
Modified: 2024-11-06

CVE-2024-51774

qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

ALT-PU-2025-8674-2

Package greetd-regreet updated to version 0.2.0-alt4 for branch p11 in task 388420.

Closed bugs

Bug #54975

Неправильная команда запуска Hyprland

Bug #54982

Отсутсвуют необходимые директории или не хватает прав для кэширования и логирования.

ALT-PU-2025-8800-2

Package quick-usb-formatter updated to version 0.6-alt25 for branch p11 in task 388667.

Closed bugs

Bug #54181

Не работает форматирование USB.

ALT-PU-2025-8810-2

Package mongo8.0 updated to version 8.0.11-alt1 for branch p11 in task 388662.

Closed vulnerabilities

Published: 2025-06-30
Modified: 2025-09-30

BDU:2025-07725

Уязвимость реализации протокола аутентификации OIDC сервера системы управления базами данных MongoDB, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2025-06-26
Modified: 2025-09-15

CVE-2025-6706

An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-06-26
Modified: 2025-09-26

CVE-2025-6707

Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References:
Published: 2025-06-26
Modified: 2025-09-15

CVE-2025-6709

The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-06-26
Modified: 2025-09-15

CVE-2025-6710

MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:

ALT-PU-2025-8916-2

Package goldendict-ng updated to version 25.07.0-alt1 for branch p11 in task 388821.

Closed bugs

Bug #54942

Не предоставляет stardict >= 2.4.2

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top