Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4, and iPadOS 16.4, as well as iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux - уязвимость в logback

In Logback version 1.2.7 and earlier versions, an attacker with the necessary privileges to edit configuration files could create a malicious configuration that allowed the execution of arbitrary code loaded from LDAP servers...

Astra Linux - уязвимость в qemu

A vulnerability related to out-of-bounds read/write access was discovered in the USB emulator of QEMU in versions prior to 5.2.0. This issue occurs during the processing of USB packets from a guest, when the value of USBDevice’s ‘setuplen’ exceeds the value of ‘databuf4096’ in the dotokenin and...

Astra Linux - уязвимость в firefox

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 100. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploite...

Astra Linux - уязвимость в firefox

Mozilla developers and community members reported memory safety bugs in Firefox 90. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects versions of...

Astra Linux - уязвимость в webkit2gtk

This issue has been addressed through improved enforcement of iframe sandbox rules. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

Astra Linux - уязвимость в firefox

Due to unexpected data type conversions, a use-after-free might have occurred when interacting with the font cache. We assume that with sufficient effort, this vulnerability could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 88...

Astra Linux - уязвимость в firefox, thunderbird

Mozilla developers reported memory safety bugs in Firefox 85 and Firefox ESR 78.7. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux - уязвимость в gdk-pixbuf

There is a flaw in gdk-pixbuf, specifically within the gdkpixbufjpegimageloadincrement function io-jpeg.c, and in glib’s gbase64encodestep function glib/gbase64.c. When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing for out-of-bounds...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 140 and Thunderbird 140. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 141 and Thunderbird...

Astra Linux - уязвимость в thunderbird

Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs in Firefox 94. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...

Astra Linux - уязвимость в pillow

In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...

Astra Linux - уязвимость в webkit2gtk

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may...

Astra Linux - уязвимость в gstreamer1.0, gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemuxparsetheoraextension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2, and iPadOS 17.7.2; iOS 18.1.1 and iPadOS 18.1.1; macOS Sequoia 15.1.1; and visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...

Astra Linux - уязвимость в firefox

Memory safety bugs exist in Firefox 135 and Thunderbird 135. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 136 and Thunderbird...