Astra Linux - vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided "reason" phrase is used unescaped in HTTP headers, where it could be used for header injection, and in HTML on the default error page, where it could be used for XSS attacks. This...
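The two sinks the advisory names, shown side by side as an added example (this is not Tornado's code and does not reproduce its internals; the sample reason phrases are constructed). The unsafe functions interpolate the phrase verbatim; the hardened ones restrict the status line to the RFC 9112 reason-phrase character set (which excludes CR, LF and NUL) and HTML-escape the phrase before it reaches the error page.

```python
import html
import re

# RFC 9112 reason-phrase = *( HTAB / SP / VCHAR / obs-text ); CR, LF and NUL are not allowed.
# fullmatch() is used deliberately: with match() and "$", a trailing "\n" would be accepted.
_REASON_RE = re.compile(r"[\t \x21-\x7e\x80-\xff]*")


def status_line_unsafe(code, reason):
    """Unsafe pattern: the caller-supplied reason goes straight into the status line."""
    return f"HTTP/1.1 {code} {reason}\r\n"


def validate_reason(reason):
    """Hardened pattern: refuse any phrase that could terminate the status line."""
    if _REASON_RE.fullmatch(reason) is None:
        raise ValueError("reason phrase contains a character not allowed in an HTTP header")
    return reason


def status_line_safe(code, reason):
    return f"HTTP/1.1 {code} {validate_reason(reason)}\r\n"


def error_page_unsafe(code, reason):
    """Unsafe pattern on the HTML side: the reason is interpolated without escaping."""
    return f"<html><title>{code}: {reason}</title><body>{code}: {reason}</body></html>"


def error_page_safe(code, reason):
    safe = html.escape(reason, quote=True)
    return f"<html><title>{code}: {safe}</title><body>{code}: {safe}</body></html>"


def header_lines(raw_head):
    """Split a response head into lines the way an HTTP/1.1 client parses it."""
    return [line for line in raw_head.split("\r\n") if line]


# Constructed attacker-controlled reason phrases (hypothetical, not from the advisory).
INJECTED_REASON = "Not Found\r\nSet-Cookie: sid=attacker; Path=/"
SCRIPT_REASON = "<script>alert(1)</script>"
```

With the unsafe status line, `header_lines()` reports two header lines from what was meant to be one, which is the header injection; the safe variant raises before any bytes are emitted.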
Astra Linux - vulnerability in ruby-rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser could accumulate unbounded data when the header block of a multipart part never ended with the required blank line (CRLFCRLF). The parser continuously stored incoming bytes in memory...
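The accumulation pattern the advisory describes, and the bound that stops it, as an added example in Python (it is not Rack's parser; the 8 KiB cap and the stream shape are assumptions). The unbounded reader keeps buffering until CRLFCRLF appears, so a client that never sends the blank line grows the buffer for as long as it keeps the connection open; the bounded reader aborts once the unterminated header block exceeds the cap. Do not call the unbounded reader on the endless stream, since it would never return.

```python
CRLFCRLF = b"\r\n\r\n"
MAX_PART_HEADER_BYTES = 8 * 1024  # assumed cap; the advisory does not state Rack's limit


class PartHeaderTooLarge(ValueError):
    """Raised when a part's header block exceeds the cap before CRLFCRLF is seen."""


def read_part_headers_unbounded(chunks):
    """Pre-fix pattern: buffer until CRLFCRLF shows up, however much data that takes."""
    buf = bytearray()
    for chunk in chunks:
        buf += chunk
        end = buf.find(CRLFCRLF)
        if end != -1:
            return bytes(buf[:end]), bytes(buf[end + len(CRLFCRLF):])
    raise ValueError("stream ended before the header block terminator")


def read_part_headers(chunks, limit=MAX_PART_HEADER_BYTES):
    """Bounded version: give up as soon as the unterminated header block exceeds limit."""
    buf = bytearray()
    for chunk in chunks:
        buf += chunk
        end = buf.find(CRLFCRLF)
        if end != -1:
            if end > limit:
                raise PartHeaderTooLarge(end)
            return bytes(buf[:end]), bytes(buf[end + len(CRLFCRLF):])
        if len(buf) > limit:
            raise PartHeaderTooLarge(len(buf))
    raise ValueError("stream ended before the header block terminator")


def parse_headers(block):
    """Turn a terminated header block into a {lower-case name: value} dict."""
    headers = {}
    for line in block.split(b"\r\n"):
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def endless_header_bytes(chunk=b"X" * 1024):
    """Constructed attacker stream: header bytes that never contain CRLFCRLF."""
    while True:
        yield chunk


def bytes_buffered_before_abort(limit=MAX_PART_HEADER_BYTES):
    """How much the bounded reader buffers before it refuses the endless stream."""
    try:
        read_part_headers(endless_header_bytes(), limit)
    except PartHeaderTooLarge as exc:
        return exc.args[0]
    return None


# Constructed well-formed part, split across two chunks as a server might receive it.
GOOD_PART = [
    b'Content-Disposition: form-data; name="f"; filename="a.txt"\r\n',
    b"Content-Type: text/plain\r\n\r\nhello",
]
```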
Astra Linux - vulnerability in advancecomp
It was discovered that Advancecomp v2.3 contains a heap buffer overflow issue through the le_uint32_read function in /lib/endianrw.h...
Astra Linux - vulnerability in libpcap
The sf-pcapng.c file in libpcap before version 1.9.1 does not properly validate the PHB header length before allocating memory...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu. The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0, BPF_MTU_CHK_SEGS). The transport_header i...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one: fix missing CAN header initialization. The read access to struct canxl_frame::len within a j1939 object revealed that the reserved elements in struct can_frame were not properly initialized...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: veth: ensure that the eth header is in the linear part of the skb. After feeding a decapsulated packet to a veth device using act_mirred, skb_headlen() may be 0. However, veth_xmit() calls dev_forward_skb(), which expects at...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, fix incorrect page release. Under the following conditions: 1) no skb has been created yet; 2) header_size == 0 (no SHAMPO header); 3) (header_index + 1) % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment o...
Astra Linux - vulnerability in firefox
The Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration. This vulnerability...
Astra Linux - vulnerability in golang-1.15
In versions of Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count present in the archive's header can lead to a panic in NewReader or OpenReader...
Astra Linux - vulnerability in linux
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) does not require that the A-MSDU flag in the plaintext QoS header field be authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of...
Astra Linux - vulnerability in python2.7, pypy
In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in _proc_pax...
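Pax extended headers are a sequence of records of the form `length key=value\n`, where `length` is the decimal byte count of the whole record including the length field itself, and the parser advances by that count. A record whose declared length is zero (or shorter than its own length field) leaves the position unchanged, so a loop that trusts the field never terminates. The added example below is a small standalone record parser with that check in place; it is not Python's tarfile code, and the parser name and sample archives are constructed for illustration.

```python
import re

_LENGTH_RE = re.compile(rb"(\d+) ")


class BadPaxHeader(ValueError):
    """Raised for a record whose length field cannot be trusted to advance the cursor."""


def parse_pax_records(data):
    """Parse 'length key=value\\n' records from a pax extended header block.

    Every iteration must move pos forward by at least one byte past the length
    field, otherwise a crafted length of 0 (or a length shorter than the field
    itself) would spin forever; that is the case this parser rejects.
    """
    records = {}
    pos = 0
    while pos < len(data):
        m = _LENGTH_RE.match(data, pos)
        if m is None:
            raise BadPaxHeader(f"no length field at offset {pos}")
        length = int(m.group(1))
        field_len = m.end() - pos
        # The length counts the length field, the space, the body and the newline,
        # so anything not strictly larger than the field itself cannot be valid.
        if length <= field_len or pos + length > len(data):
            raise BadPaxHeader(f"bad record length {length} at offset {pos}")
        record = data[pos:pos + length]
        if not record.endswith(b"\n"):
            raise BadPaxHeader(f"record at offset {pos} does not end with a newline")
        body = record[field_len:-1]
        key, sep, value = body.partition(b"=")
        if not sep or not key:
            raise BadPaxHeader(f"record at offset {pos} is not key=value")
        records[key.decode("utf-8")] = value.decode("utf-8")
        pos += length
    return records


# Constructed sample header blocks (hypothetical, not from the advisory).
GOOD_BLOCK = b"15 path=/tmp/a\n10 size=7\n"
ZERO_LENGTH_BLOCK = b"0 path=/tmp/a\n"      # length 0: cursor would never advance
SHORT_LENGTH_BLOCK = b"3 path=/tmp/a\n"     # length covers only "3 p", no newline
```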
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: tighten bounds checking in decode_message(). The bounds checking was moved from encode_message() to decode_message(). This patch addresses the following issues: - Ensure that there is enough space for at least one header,...
Astra Linux - vulnerability in tomcat9
Exposure of the HTTP Authentication header to unexpected hosts during WebSocket authentication in Apache Tomcat. This issue affects Apache Tomcat versions: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.2 through 9.0.117, 8.5.24 through 8.5.100, and 7.0.83 through...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in process_message_header(). If the message frame is maliciously corrupted in such a way that the length of the control segment becomes shorter than the size of the message...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: fix accessing the BTF.ext core_relo header. Update btf_ext_parse_info() to ensure that the core_relo header is present before reading its fields. This prevents a potential buffer read overflow reported by the OSS...
Astra Linux - vulnerability in thunderbird
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...
Astra Linux - vulnerability in nghttp2
nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: disable split header for Tegra194. There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194, where random system crashes have been observed [0]. The problem occurs when the split header...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth() helper. Previously, skb_may_pull() was used instead of skb_header_pointer() in vlan_get_protocol() and related functions. A few callers relied on skb->head being populated with the MAC header. syzbot detected on...