ALT-BU-2025-9485-1
Branch sisyphus_loongarch64 update bulletin.
Package kubernetes1.32 updated to version 1.32.6-alt2 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-06-23
CVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.
Package sssd updated to version 2.9.7-alt3 for branch sisyphus_loongarch64.
Closed bugs
sssd: Unable to find backend for '/var/lib/sss/db/config.ldb'
Package apache-ignite updated to version 3.0.0-alt3 for branch sisyphus_loongarch64.
Closed bugs
пользователь ignite не существует - используется root
ERROR: JAVA_HOME is not set при запуске ignite3db.service (java не устанавливается по зависимостям)
Package kubernetes1.33 updated to version 1.33.2-alt2 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-06-23
CVE-2025-4563
A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.