RHCOS 4 / 9 : OpenShift Container Platform 4.16.33 (RHSA-2025:0830)

The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0830 advisory. - podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: binfmtflat: Corruption occurred when data start offsets were not applied. The commit 04d82a6d0881 “binfmtflat: Allow not offsetting data start” introduced a RISC-V-specific variant of the FLAT format. This variant does not alloca...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Verify event formats that use "%p.." syntax. The trace event verifier checks the formats of trace events to ensure that they do not reference memory that is not part of the event itself, or data that will never be freed...

Astra Linux – Vulnerability in qtimageformats-opensource-src

A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service DoS attack through a specially crafted MNG file...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: media: staging/intel-ipu3: Fixed error handling for setfmt. If an error occurs during the setfmt operation, do not overwrite the previous sizes with the invalid configuration. Without this patch, v4l2-compliance ends up...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: ti-vpe: cal: Fixed a NULL pointer dereference in calctxv4l2initformats. In calctxv4l2initformats, devmkzalloc is assigned to ctx-activefmt. There follows a dereference of ctx-activefmt, which could lead to a NULL pointer...

Astra Linux – Vulnerability in libgd2

In the gdgd2.c file of the GD Graphics Library also known as LibGD, the function gdImageGd2Ptr has a double-free issue starting from version 2.3. NOTE: The vendor’s stance is that the GD2 image format is a proprietary image format of LibGD. It should be considered obsolete and should only be used...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoided format-overflow warnings With GCC and the W=1 option, there is a warning like this: fs/f2fs/compress.c: In the function ‘f2fsinitpagearraycache’: fs/f2fs/compress.c:1984:47: Error: The ‘%u’ directive is writing 1 to...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow before version 8.2.0. For BLP data, BlpImagePlugin did not properly check the returned data after jumping to file offsets. This could lead to a denial-of-service attack, where the decoder could be executed multiple times with empty data...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: udf: Do not update the file length for failed writes to inline files When writing to an inline file fails or only partially succeeds, we still update the length of the inline data as if the entire write operation was successful...

Astra Linux – Vulnerability in binutils

The bfdgenericreadminisymbols function in syms.c within the Binary File Descriptor BFD library also known as libbfd, as part of GNU Binutils 2.31, contains a memory leak that can occur due to an improperly crafted ELF file. This leads to a denial of service condition due to excessive memory...

Astra Linux – Vulnerability in hdf5

A violation of bounds was detected in H5Ofillnewdecode and H5Ofillolddecode within H5Ofill.c in the HDF HDF5 1.10.2 library. This could allow a remote denial of service or information disclosure attack...

Astra Linux – Vulnerability in libstb

It was discovered that Nothings stb 2.28 contains a Null Pointer Dereference issue through the stbiconvertformat function. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted PIC file...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Added a length check to avoid buffer overflow. A buffer overflow occurs due to the use of snprintf to write data into the buffer “buf” in the targetlugpmembersshow function located in...

Astra Linux – Vulnerability in hdf5

HDF5 versions 1.14.3 and earlier contain a buffer overflow vulnerability in H5Olinfodecode, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: advansys: Fixed kernel pointer leaks Pointers should be printed using %p or %px, rather than being cast to unsigned long and then printed using %lx. Change %lx to %p when printing hashed pointers...

Astra Linux – Vulnerability in hdf5

There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow occurs when parsing the filename format string for the output filename, resulting in path truncation, as well as possible path traversal and code execution...

Astra Linux – Vulnerability in hdf5

A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5Fgetnrefs located in H5Fquery.c. This allows an attacker to cause a Denial of Service attack...

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 has a segmentation fault in the H5VM.c function H5VMmemcpyvv...