Astra Linux – Vulnerability in binutils
The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byte_put_little_endian function in elfcomm.c through an ELF file, as demonstrated by readelf...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server versions prior to 10.3.34 through 10.9.3 are vulnerable to Denial of Service attacks. It is possible for the function spider_db_mbase::print_warnings to dereference a null pointer...
Astra Linux – Vulnerability in binutils
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc calls with an integer overflow result) or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys – fix a sleep while atomic with PREEMPT_RT. When PREEMPT_RT is enabled, the gpio_keys_irq_timer callback runs in the hardirq context. However, the input_event function takes a spinlock, which is not allowed in that...
Astra Linux – Vulnerability in sysstat
In sysstat version 12.2.0, there is a double-free in the check_file_actlst function within sa_common.c...
Astra Linux – Vulnerability in net-snmp
The handle_ipv6IpForwarding function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep. It is possible for this issue to occur when the mass storage function tries to queue requests from the main thread. However, other threads may already disable the endpoint when the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: qat – resolves a race condition during AER recovery. During the error recovery process of the PCI AER system, the kernel driver may encounter a race condition related to the freeing of the reset_data structure’s memory. If...
Astra Linux – Vulnerability in Node.js
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability arises from the fact that the fetch function in Node.js always decodes Brotli, making ...
Astra Linux – Vulnerability in etcd
An authentication vulnerability has been discovered in Etcd-io v.3.4.10. This vulnerability allows remote attackers to escalate privileges through the debug function...
Astra Linux – Vulnerability in Golang-1.19
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate significantly more memory than is...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fixed the null check for power_supply_get_by_name. In the cpcap_usb_detect function, the power_supply_get_by_name function may return NULL instead of an error pointer. To prevent potential null pointer...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: core: Do not bypass hid_hw_raw_request. The hid_hw_raw_request function is actually useful for ensuring that the provided buffer and length are valid. Directly calling this function in the low-level transport driver bypassed those...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfsd: The issue in nfsd4_setclientid_confirm where the function does not check the return value from get_client_locked was addressed. In this case, a SETCLIENTID_CONFIRM operation might race with a confirmed client’s expiration, causi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Fix for handling the configfs group list head. The use of list_del on the epf_group field of struct pci_epf_driver in pci_epf_remove_cfs is incorrect. This field is a list head, not a list entry. This list_del call trigger...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed the issue with sample generation versus do_exit. Baisheng Gao reported a crash in ARM64 mode. Mark interpreted this as a synchronous external abort, most likely due to attempting to access MMIO in a faulty way. The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fixed the ACPI operand cache leak in dswstate.c. ACPICA commit: 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732. I discovered an ACPI cache leak in cases where ACPI early termination occurs and the boot process continues. When earl...
Astra Linux – Vulnerability in NTP
The praecis_parse function in ntpd/refclock_palisade.c, within NTP 4.2.8p15, contains an out-of-bounds write vulnerability. Any attack method would be complex, for example, using a manipulated GPS receiver...
Astra Linux – Vulnerability in libtar
The thread function does not free the variable t->th_buf.gnu_longlink after allocating memory, which may lead to a memory leak...
Astra Linux – Vulnerability in python-webob
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user will be redirected to using Python’s urlparse function, and joining that parsed URL to the base URL. However, the...