Astra Linux - уязвимость в pypy

A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

Astra Linux - уязвимость в libsoup2.4

A flaw was discovered in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: geneve: Make sure to pull the inner header in geneverx. syzbot triggered a bug in geneverx 1 The issue is similar to the one I fixed in commit 8d975c15c0cd: "ip6tunnel: Make sure to pull the inner header in ip6tnlrcv" We need ...

Astra Linux - уязвимость в haproxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...

Astra Linux - уязвимость в apache2

Before Apache HTTP Server 2.4.55, a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers serve any security purposes, they will not be interpreted by the client...

Astra Linux - уязвимость в rabbitmq-server

Pivotal RabbitMQ versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, as well as RabbitMQ for Pivotal Platform versions 1.16.x prior to 1.16.7 and 1.17.x prior to 1.17.4, contain a web management plugin that is vulnerable to a denial-of-service attack. The “X-Reason” HTTP header can be...

Astra Linux - уязвимость в python-tornado

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and earlier use an inefficient algorithm when parsing parameters for HTTP header values, which may lead to Denial-of-Service attacks. The parseparam function in httputil.py is used to parse specific HTTP header...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ARP: Do not assume that devhardheader does not change skb-head. arpcreate is the only function that calls devhardheader, and it makes an assumption that skb-head remains unchanged. A recent commit broke this assumption. Initializ...

Astra Linux - уязвимость в ffmpeg

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the libavcodec/getbits.h file, during the process of writing .mov files. This vulnerability may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в netty

The Netty project is an event-driven, asynchronous network application framework. Starting from version 4.1.83.Final and before 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed. This allowed malicious header values in the...

Astra Linux - уязвимость в golang-1.19

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...

Astra Linux - уязвимость в jruby

A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...

Astra Linux - уязвимость в libcommons-fileupload-java, tomcat9

The allocation of resources for multipart headers with insufficient limits enabled created a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to version 1...

Astra Linux - уязвимость в apache2

In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the HT...

Astra Linux - уязвимость в golang-1.15

In Go versions before 1.15.13 and 1.16.x, as well as before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validating the command header size against SVGACMDMAXDATASIZE This data originates from user space and is used in buffer offset calculations, which may potentially lead to an out-of-bounds access due to overflow...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: Initialize the MAC header offset in qmimuxrxfixup Raw IP packets do not have a MAC header, resulting in skb-macheader being uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystems...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Rejected malicious packets in ipv6gsoSegment. syzbot was able to create a packet with very long IPv6 extension headers, leading to an overflow of the skb-transportheader field. This 16-bit field has a limited range. Add...

Astra Linux - уязвимость в exim4

In versions of Exim up to 4.97.1, Misparse processes multi-line RFC 2231 header filenames. As a result, remote attackers can bypass the protection mechanism that blocks $mimefilename extensions, and potentially deliver executable attachments to the mailboxes of end users...