Astra Linux - уязвимость в libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

Astra Linux - уязвимость в linux, linux-5.10

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling ‘file’ pointer...

Astra Linux - уязвимость в edk2

EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...

Astra Linux - уязвимость в firefox, thunderbird

Cross-compartment wrappers used to wrap a scripted proxy might have caused objects from other compartments to be stored in the main compartment, resulting in a “use-after-free” vulnerability. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could have placed a datalist element to obscure the address bar. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linearpitchalignment even for VM Description Assign linearpitchalignment to prevent division by zero errors in VM environments...

Astra Linux - уязвимость в ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy process will loop at 0 and 1, continuing to write until the next multiple of 8 is...

Astra Linux - уязвимость в ghostscript

A issue was discovered in Artifex Ghostscript prior to version 10.03.1. In the file psi/zmisc1.c, when SAFER mode is used, it allows the use of eexec seeds that deviate from the Type 1 standard...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the warning about out-of-bounds read of mcdata...

Astra Linux - уязвимость в libde265

Libde265 v1.0.4 contains a heap buffer overflow in the putweightedbipred16fallback function, which can be exploited through a specially crafted file...

Astra Linux - уязвимость в firefox, thunderbird

When encoding data from an inputStream in xpcom, the size of the input being encoded was not correctly calculated, potentially leading to an out-of-bounds memory write. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

Astra Linux - уязвимость в unbound

Unbound before version 1.9.5 allows for an integer overflow in the regional allocator through regionalalloc. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fixed division by zero in ad7124setchannelodr In the ad7124writeraw function, the parameter val can potentially be zero. This may lead to a division by zero when DIVROUNDCLOSEST is called within...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed – fixed a double-free issue caused by devm. The clock obtained through devmclkgetenabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Do not attempt to trigger a full GT reset if there is a VF involved. VFs do not have access to the GDRST0x941c register, which is used by the driver to reset the GT. Attempt to trigger a reset using debugfs: bash $ cat...

Astra Linux - уязвимость в hwloc

A issue was discovered in open-mpi hwloc 2.1.0: attackers can cause a denial of service or other unspecified impacts through glibc-cpuset in topology-linux.c...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: udmabuf: fixed an overflow issue related to the buffer size during the creation of udmabuf. By casting sizelimitmb as a 64-bit value when calculating pglimit...

Astra Linux - уязвимость в xen

Potential speculative code storage bypasses exist in all supported CPU products. Combined with software vulnerabilities related to speculative execution of overwritten instructions, this could lead to incorrect speculation and potentially cause data leakage...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ntfs3: Treating $Extend records as regular files. Since the commit af153bb63a33 "vfs: catching invalid modes in mayopen" requires that any inode be of one of the types SIFDIR/SIFLNK/SIFREG/SIFCHR/SIFBLK/SIFIFO/SIFSOCK, use SIFREG...

Astra Linux - уязвимость в xrdp

XRDPT is an open-source remote desktop protocol RDP server. In affected versions, an integer underflow leading to a heap overflow in the SESMAN server allows any unauthenticated attacker who can access the SESMAN server locally to execute code as root. This vulnerability has been patched in versi...