Astra Linux – Vulnerability in Apache2

In some modssl configurations of the Apache HTTP Server, from versions up to 2.4.63, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session through a TLS upgrade. Only configurations that use “SSLEngine optional” to enable TLS upgrades are affected. Users a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Avoid potential underflow in qdiscpktleninit with UFO After committing 7c6d2ecbda83 “net: Be more gentle about silly GSO requests coming from user”, the virtionethdrtoskb function added sanity checks to detect malicious...

Astra Linux – Vulnerability in Chromium

In the incorrect security interface in the navigation section of Google Chrome on Android, prior to version 92.0.4515.131, a remote attacker was able to spoof the contents of the Omnibox URL bar through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page...

Astra Linux – Vulnerability in sudo

The “sudoedit” personality of Sudo before version 1.9.5 might allow a local unprivileged user to perform arbitrary directory existence tests by exploiting a race condition in the “sudoedit.c” code, which allows a user-controlled directory to be replaced with a symlink pointing to an arbitrary pat...

Astra Linux – Vulnerability in Chromium

The use of “after free” in Accessibility in Google Chrome before version 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...

Astra Linux – Vulnerability in Linux, BlueZ

In the Bluetooth Core Specification 2.1 through 5.2, Bluetooth LE and BR/EDR secure pairing mechanisms may allow a nearby man-in-the-middle attacker to identify the Passkey used during pairing in the Passkey authentication procedure by reflecting the public key and the authentication evidence of...

Astra Linux – Vulnerability in libgcrypt20

The ElGamal implementation in Libgcrypt before version 1.9.4 allows plaintext recovery. This occurs because, during interaction between two cryptographic libraries, a dangerous combination of elements arises—specifically, the prime number defined by the receiver’s public key, the generator define...

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...

Astra Linux – Vulnerability in Thunderbird

Thunderbird ignored the configuration that required STARTTLS security for SMTP connections. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

Astra Linux – Vulnerability in Firefox

When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, if the IMA appraisal method is used with the “imaappraiselog” boot parameter, lockdown can be circumvented using kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents the “imaappraiselog” parameter from being set during boot, but this does not cover...

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...

Astra Linux – Vulnerability in libde265

It was discovered that libde265 v1.0.10 contains a NULL pointer dereferencing in the ffhevcputweightedpredavg8sse function located at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack through a crafted input file...

Astra Linux – Vulnerability in libde265

A buffer overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code through the SAO Sample Adaptive Offset processing of libde265...

Astra Linux – Vulnerability in binutils

There is a flaw in binutils /bfd/pef.c. An attacker who can submit a crafted input file for processing by the objdump program could cause a null pointer dereference. The greatest threat of this flaw is to the availability of the application. This flaw affects binutils versions prior to 2.34...