Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Reverted the behavior where “Info: mapping multiple BARs. Your kernel is fine.” was avoided. Undo the modifications made in commit d410ee5109a1 “ACPICA: avoid “Info: mapping multiple BARs. Your kernel is fine.””. The...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2readsynchuint function, located in id3v2.c. If id3v2readsynchuint is called with a null work-hdr.framedata, the pointer guint8 data is accessed without validatio...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character ‘’ in the string line. The pointer returned by this call ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace the fake VLA at the end of vbvamousepointershape with a real VLA. Replace the fake VLA at the end of the vbvamousepointershape structure with a real VLA to fix a “memcpy: detected field-spanning write error...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mptcp: handles DSS corruption consistently. The buggy peer implementation can send corrupted DSS options, consistently causing several warnings in the data path. Use DEBUGNET assertions to avoid errors on some builds and to handl...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: A possible memory leak has been fixed in sh7760fballocmem. When information such as info-screenbase is not ready, calling sh7760fbfreemem does not release the memory correctly. Instead, call dmafreecoherent...
Astra Linux – Vulnerability in the 389-DS-base
A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...
Astra Linux – Vulnerability in the 389-DS-base
A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Arm Mbed TLS prior to version 2.24.0. An attacker can obtain a private key for RSA or static Diffie-Hellman through a side-channel attack targeting the generation of base blinding/unblinding values...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fixed an issue where the nftcountersenabled counter might underflow during the nftablesaddchain function. The syzbot reports that the nftcountersenabled counter might underflow at nftablesaddchain1. This issu...
Astra Linux – Vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpbasemss. When reading sysctltcpbasemss, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baudbase can result in uartclk being zero, which will cause a divide by zero error in uartgetdivisor. The check for uartclk...
Astra Linux – Vulnerability in gst-plugins-base1.0
GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...
Astra Linux – Vulnerability in Jetty9
In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...
Astra Linux – Vulnerability in Firefox and Thunderbird
When injecting an HTML base element, some requests will ignore the CSP’s base-uri settings and instead accept the base-uri setting of the injected element. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
Astra Linux – Vulnerability in Linux
In various methods of kernel-based drivers, there is a possibility of an out-of-bounds write due to a heap buffer overflow. This could lead to a local escalation of privileges, requiring system execution privileges. User interaction is not required for exploitation. Product: Android Versions:...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ptpqoriq: fixed a memory leak in probe Smatch reports the following issue: drivers/ptp/ptpqoriq.c, ptpqoriqprobe: warning that the ‘base’ from ioremap was not released. This issue can be fixed by revising the parameter from...
Astra Linux – Vulnerability in Firefox
Service workers may reveal the script-based base URL due to dynamic import. This vulnerability affects Firefox versions earlier than 113...
Astra Linux – Vulnerability in qtbase-opensource-src
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read issue due to a crafted reply from a DNS server...