Astra Linux – Vulnerability in Containerd

In containerd a industry-standard container runtime, before versions 1.3.10 and 1.4.4, containers launched through containerd’s CRI implementation via Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image might receive incorrect...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: inet: Sk-skrxdst was converted to RCU rules. The syzbot reported various issues related to early demux processing. One of these issues is included in this changelog 1. Sk-skrxdst uses RCU protection without proper documentatio...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows a SetVar.cc application to crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...

Astra Linux – Vulnerability in OpenLDAP

In OpenLDAP versions 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function due to a malicious packet. This leads to a denial of service daemon exits caused by a short timestamp. This issue is related to the schemainit.c file and the...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: use of a stale path after allocation in ext4extinsertextent As Ojaswin mentioned in the link, in ext4extinsertextent, if the path is reallocated during ext4extcreatenewleaf, we will use a stale path, leading to a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The sock code: The protection check for psock vs. ULP needs to be reimplemented. Commit 8a59f9d1e3d4 “sock: Introduce sk-skprot-psockupdateskprot” moved the inetcskhasulpsk check from skpsockinit to the new tcpbpfupdateproto...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: eventpoll: Deferring the epfree function in eventpoll.c to an RCU callback during a grace period. In certain situations, epfree in eventpoll.c will free the epi-ep structure while it is still being used by another concurrent...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Do not clone flow post-action attributes a second time. The code already clones post-action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is an error remaining from the original...

Astra Linux – Vulnerability in Firefox

A use-after-free vulnerability was identified during testing, and it was traced to an outdated Cairo library. Updating the library resolved the issue, and it may have also addressed other unknown security vulnerabilities. This vulnerability affects Firefox versions earlier than 90...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Avoid invalid reads in irdmanetevent. The irdmanetevent function should not dereference anything from “neigh” alias “ptr” until it has checked that the event is of type NETEVENTNEIGHUPDATE. Other events are pointed to...

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before version 2.36.8, allowing attackers to execute code remotely...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Remove ppath from ext4extreplayupdateex to avoid double-free. When calling ext4forcesplitextentat&ppath in ext4extreplayupdateex, ppath is updated, but it is path that is freed. This potentially triggers a double-free in th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fixed the issue with rcudereferenceprotected. When destroying all sets, we are either in the pernetexit phase or executing a “destroy all sets” command from user space. The latter was taken into account in...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a user installed an extension of a particular type, the extension might automatically update itself. During this process, it could bypass the prompt that grants the new version the newly requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed a crash by retaining the old configuration when updating Traffic Classes beyond the allocated queues. There are issues when the number of allocated queues is less than the number of Traffic Classes. The commit...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fixed the WARNON message for the monitor mode on some devices. On devices without WANTMONITORVIF and likely without channel context support, we receive a WARNON message when changing the per-link settings of a...

Astra Linux – Vulnerability in docker.io

Docker CLI is the command-line interface for the Docker container runtime. A bug was discovered in Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json, which lists a credsStore or credhelpers that cannot be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: Fix for deadlock when reading the partition table When a process such as udev opens the ublk block device e.g., to read the partition table using bdevopen, a deadlock can occur: 1. bdevopen grabs the disk-openmutex. 2. The...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ftrace: The soft lockup issue in ftracemoduleenable has been fixed. A soft lockup was observed when loading the amdgpu module. If a module contains many functions that can be traced, multiple calls to kallsymslookup may take too...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fixed the possibility of accessing a freed kirqfd instance. Nothing prevents simultaneous ioctl calls to privcmdirqfdassign and privcmdirqfddeassign. If this occurs, it is possible that a kirqfd created and added to...