529520 matches found
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the sshkdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer over-read vulnerability in the libpng’s pngwriteimage8bit function when processing 8-bit images...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netrom: Fixed a memory leak in nrsendmsg. syzbot reported a memory leak 1. When the function sockallocsendskb returns NULL in nroutput, the original skb is not freed. This skb was allocated in nrsendmsg. This issue was fixed b...
Astra Linux – Vulnerability in p7zip
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and earlier contained a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB. This vulnerability could allow attackers to execute arbitrary code or cause...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: skbuff: The SKBFLSHAREDFRAG bit was not properly propagated through the frag-transfer helpers. Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fixed type confusion in bondsetupbyslave Kernel bug at net/core/skbuff.c:2306! Oops: Invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0, net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760, EFLAGS:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Release flowtable after the rcu grace period with an error. The function synchronizercu is called after unregistering the hooks from the error path. This is because a hook that already references this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fixed improper handling of the SPDIFI1 index. The SPDIF1 DAIO type is not properly handled in the daiodeviceindex function for hw20k2; this led to the return of -EINVAL, which resulted in an out-of-bounds array acces...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The issue of double-free of the fcport has been completely fixed. In the function qla24xxelsdcmdiocb, sp-free is set to qla2x00elsdcmdspfree. When an error occurs, this function is called by qla2x00sprelease, where...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The hardcoded hdr2len parameter was replaced with the offsetof function in smb2calcmaxoutbuflen. After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", the management of response buffers was changed to use ...
Astra Linux – Vulnerability in util-linux
The wall function in util-linux up to version 2.40 is often installed with setgid and tty permissions. This allows escape sequences to be sent to other users’ terminals via argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocke...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mana: The use-after-free issue in manahwcdestroychannel has been fixed by reordering the teardown process. There is a potential race condition in manahwcdestroychannel. In this situation, hwc-callerctx is freed before the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not redirect packets with invalid pktlen Syzbot identified an issue 1: the fqcodel Drop function attempts to drop a flow without any SKBs, that is, when flow-head is null. The root cause, as described in 2, is that the...
Astra Linux – Vulnerability in Firefox
The developer’s page for about:memory includes a Measure function for exploring which object types the browser has allocated and their sizes. When this function was invoked, we incorrectly called the sizeof function instead of using the API method that checks for invalid pointers. This...
Astra Linux – Vulnerability in Qemu
QEMU 5.0.0 has a heap-based Buffer Overflow in the flatviewreadcontinue function in exec.c, as hw/sd/sdhci.c improperly handles a write operation in the SDHCBLKSIZE case...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: KEYS: Trusted – Do not use WARN when encode fails When asn1encodesequence fails, using WARN is not the correct solution. 1. asn1encodesequence is not an internal function located in lib/asn1encode.c. 2. Its location is known,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: uprobes: Fixed a kernel information leak via “uprobes” virtual memory. The xoladdvma function maps the uninitialized page allocated by createxolarea into user space. On some architectures x86, this memory is readable even...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: Fixed the WARN message emitted by uffd when remap events are disabled. Registering userfaultd on a VMA that spans at least one PMD, and then using mremap to remap that VMA, may trigger a WARN message when recovering fr...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid potential deadlocks. The function f2fstrylockop was used in f2fswritecompressedpages to prevent potential deadlocks, just as we did in f2fswritesingledatapage...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: RCU protection for disk-convzonesbitmap It is ensured that revalidating a disk by changing the conventional zones bitmap does not cause invalid memory references when using the diskzoneisconv helper function, with RCU...