All errata/sisyphus/ALT-PU-2025-8531-2
ALT-PU-2025-8531-2

Package update iputils in branch sisyphus

Version20250605-alt1
Task#388195
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (4)

BDU:2025-11086
MEDIUM6.5

Уязвимость пакета ICMP Echo Reply утилиты ping, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-09-14Modified: 2026-04-20
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P
References
BDU:2026-00319
MEDIUM6.5

Уязвимость функции ping утилиты iputils, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-01-13Modified: 2026-02-17
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVSS 2.0MEDIUM 6.4
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P
References
CVE-2025-47268
MEDIUM6.5

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.

Published: 2025-05-05Modified: 2026-04-06
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References
CVE-2025-48964
MEDIUM6.5

ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).

Published: 2025-07-22Modified: 2026-04-15
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
References