1301 matches found
PT-2026-42693
Name of the Vulnerable Software and Affected Versions: KnpLabs Snappy versions prior to 1.7.1. Description: A shell injection issue exists on POSIX systems where the escapeshellarg function returns a string containing single-quote characters. This causes the is_executable check to fail, as it search...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: posix-clock: The missing timespec64 check in pc_clock_settime has been fixed. As Andrew pointed out, it makes sense that the PTP core checks the tv_sec and tv_nsec fields of the timespec64 structure before calling ptp->info->settime64...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ptp: A possible memory leak has been fixed in ptp_clock_register. I encountered a memory leak during the fault injection test as follows: Unreferenced object: 0xffff88800906c618 size 8 Command: comm "i2c-idt82p33931", PID: 4421,...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: filelock: Removes locks reliably when a race between fcntl/close operations is detected. When the fcntl_setlk operation races with the close operation, the created lock is removed using do_lock_file_wait. However, LSMs may allow t...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting the ACL. A NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL later. It finds that the ACL is only a default ACL based on the mode bits, and not...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: The process of cleaning up CPU timers before releasing them during execution. The commit 55e8c8eb2c7b “posix-cpu-timers: Store a reference to a pid instead of a task” corrected the behavior where tasks were...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Fixed a race condition between handle_posix_cpu_timers and posix_cpu_timer_del. If a non-autoreaping task that exits has already called exit_notify and calls handle_posix_cpu_timers from the IRQ, it may be reaped by its...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: posix-timers: A mechanism is added to prevent livelock in the itimer_delete function. The itimer_delete function contains a retry loop when the timer expires simultaneously. On non-RT kernels, this is simply a spin-wait until the...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: corrected the incorrect validation of the numaces field in smbacl. The parsedcal function validates numaces to allocate an array of posixacestatearray. If numaces exceeds ULONGMAX / sizeofstruct smbace++, it results in an...
PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
Summary: On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template, allowing reads of files outside the configured template directory. Details: The root cause is a...
Linux Distros Unpatched Vulnerability : CVE-2026-31710
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only...
Important: libcap security update
Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6) draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file (CVE-2026-4878). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A possible reference count leak in smb2_open has been fixed. The reference count of ACLs will cause a leak when memory allocation fails. This issue has been addressed by adding the missing posix_acl_release function...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smb_check_perm_dacl. The issue happens in a specific path in smb_check_perm_dacl. When "id" and "uid" have the same value, the function simply jumps out of the loop without decrementing the reference...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in do_timer_create. When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing the already allocated...
Astra Linux - vulnerability in linux-5.10, linux, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid. posix_timer_add tries to allocate a posix timer ID by starting from the cached ID which was stored by the last successful allocation. This is done in a loop searching the ID...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: filelock: A potential use-after-free issue was addressed in posix_lock_inode. Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode. The request pointer had previously been changed to point to a lock entry that was added ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fs/9p: Fixed the issue of NULL pointer dereferencing when using mkdir. When a 9p tree was mounted with the posixacl option, the parent directory had a default ACL set for its subdirectories. For example: setfacl -m...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posix_acl_create. When reviewing another nfs xfstests report, I found that errors related to acl and default ACL in nfs3_proc_create and nfs3_proc_mknod might be exposed. These issues need to be...