Malicious code in ts-logger-pack (npm)

ts-logger-pack is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads...

Astra Linux - уязвимость в chromium

A heap buffer overflow in the Mojom IDL of Google Chrome prior to version 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

Astra Linux - уязвимость в wireshark

The GVCP dissector crash in Wireshark versions 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service through packet injection or malicious capture files...

Astra Linux - уязвимость в samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

Astra Linux - уязвимость в linux-5.10, linux

The “Use After Free” vulnerability in the Linux kernel’s traffic control index filter tcindex allows for privilege escalation. The imperfect hash area can be updated while packets are being processed, leading to a use-after-free when the ‘tcfextsexec’ function is called with a corrupted tcfext. A...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A flaw was discovered in the Linux kernel’s Traffic Control TC subsystem. Using a specific networking configuration—redirecting egress packets to ingress using the TC “mirred” action—a local unprivileged user could trigger a CPU soft lockup ABBA deadlock when the transport protocol in use TCP or...

Astra Linux - уязвимость в bind9

The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A denial-of-service vulnerability due to a deadlock was discovered in sctpautoasconfinit in net/sctp/socket.c within the SCTP subsystem of the Linux kernel. This flaw allows users with local user privileges to trigger a deadlock and potentially cause the system to crash...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fixed a memory leak in hi846initcontrols The hi846initcontrols function does not clean up the allocated ctrlhdlr resources in case of a failure, which leads to a memory leak. Added v4l2ctrlhandlerfree to properly fr...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mlxsw: Thermal: Fix for out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: bash cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Fixed the direction of 0-length ioctl control messages The syzbot fuzzer identified a issue with the usbtmc driver: When a user sends an ioctl with a 0-length control transfer, the driver does not check whether the...

Astra Linux - уязвимость в linux-5.10, linux

A flaw in the Linux kernel was discovered in the i740 driver. The userspace program can pass any value to the driver through the ioctl interface. The driver does not check the value of ‘pixclock’, which may lead to a division by zero error...

Astra Linux - уязвимость в libde265

A issue has been found in libde265 v1.0.8 due to incorrect access control. A segmentation fault has occurred as a result of a READ memory access in the deriveboundaryStrength function of deblock.cc. This vulnerability causes a segmentation fault and results in the crash of the application, leadin...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mm: kmem: fixed a NULL pointer dereference in objstockflushrequired KCSAN identified an issue in objstockFlushRequired: stock-cachedobjcg can be reset between the check and dereference...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: memcontrol: Ensure that the memcg acquired by the id is properly set up. In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by using the memcg id stored in the shadow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: The clearwalkcontrol function sets ctx-walkcontrol to the control structure provided by the caller before checking whether the context is running. If the context is inactive i.e., damonisrunning returns false, the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: cdnsp: Fixed a deadlock issue in cdnspthreadirqhandler. The patch fixes the following critical issue caused by deadlock, which was detected during testing of the NCM class: - smp: csd: A non-responsive CSD lock 1 was...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. For the same reasons described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”, ath9khtcrxmsg should validate the...