Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

Astra Linux – Vulnerability in busybox

There is a stack overflow vulnerability in ash.c:6030 in busybox before version 1.35. In the environment of the Internet of Vehicles, this vulnerability can lead to the execution of arbitrary code from commands...

Astra Linux – Vulnerability in libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux – Vulnerability in WebKit2GTK

A race condition has been addressed through improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 109. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions prior to 110...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in psi/zfile.c in Artifex Ghostscript prior to version 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Astra Linux – Vulnerability in Firefox

Due to unexpected data type conversions, a use-after-free might have occurred when interacting with the font cache. We assume that with sufficient effort, this vulnerability could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2, and iPadOS 17.7.2; iOS 18.1.1 and iPadOS 18.1.1; macOS Sequoia 15.1.1; and visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux – Vulnerability in WebKit2GTK

Multiple memory corruption issues have been resolved through improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has be...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux – Vulnerability in Cpio

In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...

Astra Linux – Vulnerability in glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

Astra Linux – Vulnerability in pyyaml

A vulnerability was discovered in the PyYAML library in versions prior to 5.4. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the fullload method or the FullLoader loader. Applications that use this library to process untrust...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15, and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution...