Astra Linux - уязвимость в bind9

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of the BIND Supported Preview Edition, as well as release version 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploiting broken authoritative servers using a flaw in response...

Astra Linux - уязвимость в blender

An integer overflow in the processing of loaded 2D images leads to a “write-what-where” vulnerability and an “out-of-bounds read” vulnerability. This allows attackers to leak sensitive information or execute code within the Blender process when a specially crafted image file is loaded. This flaw...

Astra Linux - уязвимость в webkit2gtk

The issue was addressed through improved checks. This issue has been fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Media: MediTech: vcodec – Added a lock to protect the decoder context list. Added a lock for the ctxlist to prevent accessing a NULL pointer within the ‘vpudecipihandler’ function when the ctxlist is deleted due to an unexpect...

Astra Linux - уязвимость в imagemagick

In MIFF image processing using ImageMagick, before version 7.1.1-44, the image depth is improperly handled after the SetQuantumFormat function is used...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fixed a potential division-by-zero error in emcomputecosts. When the device is of a non-CPU type, tablei.performance will not be initialized in the previous eminitperformance. This results in a division by zero when...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fixed handling of connection failures In cases where immediate MPA Memory-Purposed Allocation request processing fails, the newly created endpoint unlinks from the listening endpoint and becomes ready to be dropped. Thi...

Astra Linux - уязвимость в qemu

An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

Astra Linux - уязвимость в libtasn1-6

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even cause the system to crash. This flaw allows an attacker to send a specially crafted...

Astra Linux - уязвимость в webkit2gtk

This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mwifiex: Fixed out-of-bounds access to the skb-data buffer during OOB operations and integer underflow when processing RX packets. Ensure that functions such as mwifiexprocessmgmtpacket, mwifiexprocessstarxpacket,...

Astra Linux - уязвимость в gnutls28

A flaw was discovered in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a speciall...

Astra Linux - уязвимость в sox

A vulnerability was discovered in SoX, where a heap buffer overflow occurs in the startread function in the hcom.c file. This vulnerability can be exploited by using a specially crafted hcomn file, which may cause the application to crash...

Astra Linux - уязвимость в php7.3

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9, when processing PHAR files using the phar extension, pharparsezipfile might be tricked into accessing freed memory, which could lead to a crash or information disclosure...

Astra Linux - уязвимость в ffmpeg

There is a heap-based Buffer Overflow vulnerability in gaussianblur at libavfilter/vfedgedetect.c, which may lead to memory corruption and other potential issues...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Networks: Ethernet; mtkethsoc: fixed the issue of PPE hanging. A patch to resolve this issue was found in MediaTek’s GPL-licensed SDK. In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This...

Astra Linux - уязвимость в qpdf

QPDF versions 9.x through 9.1.1, and 10.x through 10.0.4 have a heap-based buffer overflow in the PlASCII85Decoder::write function invoked from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write operation fails...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2, iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3, and iPadOS 16.7.3. Processing an image may lead to a denial-of-service...

Astra Linux - уязвимость в webkit2gtk

A logic issue has been resolved through improved restrictions. This issue is fixed in iOS 16.6, iPadOS 16.6, watchOS 9.6, tvOS 16.6, and macOS Ventura 13.5. Processing web content may lead to arbitrary code execution...

Astra Linux - уязвимость в webkit2gtk

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, and watchOS 10.5. Processing web content may lead to arbitrary code execution...