Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfs/localio: Restore credentials before releasing pageio data. Otherwise, if the nfsd filecache code releases the nfsdfile immediately, it may trigger the BUGON condition cred == current-cred in putcred, when putting...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tomoyo: Fixed the UAF write bug in tomoyowritecontrol. Since tomoyowritecontrol updates head-writebuf when the write function is called for long lines, we need to retrieve head-writebuf after holding head-iosem. Otherwise,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mailbox: th1520: Fixed a NULL vs ISERR bug. The devmioremap function does not return error pointers; instead, it returns NULL. Updated the error checking to match this behavior...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mac8021: fixed possible out-of-bound access in ieee80211getrateduration Fixed possible out-of-bound access in the ieee80211getrateduration routine As reported in the following UBSAN report: UBSAN: Array index out-of-boun...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: The uncached inode fails to enter the group. Syzbot has reported the following BUG: Kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: ? diebody+0x5f/0xb0 ? die+0x9e/0xc0 ? dotrap+0x15a/0x3a0 ?...

Astra Linux – Vulnerability in Linux 5.10

The checkaluop function in kernel/bpf/verifier.c in the Linux kernel, as of v5.16-rc5, did not properly update the bounds when handling the mov32 instruction. This issue allows local users to obtain potentially sensitive address information, also known as a “pointer leak.”...

Astra Linux – Vulnerability in python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the ldap.dn.escapednchars function incorrectly escaped \x00 by emitting a slash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this functi...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block: Fixed the issue of iterating over an empty bio with bioforeachfolioall. If the bio contains no data, biofirstfolio calls pagefolio using a NULL pointer, resulting in a buffer overflow error. We’ve moved the test that check...

Astra Linux – Vulnerability in NTP

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...

Astra Linux – Vulnerability in libstb

stbimage is a single-file library licensed under MIT that is used for processing images. When stbisetflipverticallyonload is set to TRUE, and reqcomp is set to a value that does not match the actual number of components per pixel, the library attempts to flip the image vertically. A specially...

Astra Linux – Vulnerability in uriparser

A issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed scheduling issues during atomic decompression operations 16.945668 C0 Call trace: 16.945678 C0 dumpbacktrace+0x110/0x204 16.945706 C0 dumpstacklvl+0x84/0xbc 16.945735 C0 schedulebug+0xb8/0x1ac 16.945756 C0...

Astra Linux – Vulnerability in python-ipaddress

The Lib/ipaddress.py module in Python up to version 3.8.3 incorrectly calculates hash values for the IPv4Interface and IPv6Interface classes. This may allow a remote attacker to cause a denial of service if an application relies on the performance of a dictionary containing IPv4Interface or...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.164, using "after free" in WebSerial with Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

RHSA-2026:7634 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:7625 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:27171 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:25143 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

RHSA-2026:25039 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...