Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k: Handle lock during peerid find The ath12kpeerfindbyid function requires that the caller holds the ab-baselock. Currently, the WBM error path does not hold the lock, and calling that function leads to the following...

Astra Linux – Vulnerability in qtbase-opensource-src

A issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read issue due to a crafted reply from a DNS server...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace the fake VLA at the end of vbvamousepointershape with a real VLA. Replace the fake VLA at the end of the vbvamousepointershape structure with a real VLA to fix a “memcpy: detected field-spanning write error...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mptcp: handles DDS corruption consistently. The buggy peer implementation can send corrupted DSS options, consistently causing several warnings in the data path. Use DEBUGNET assertions to avoid errors on some builds and to handl...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: A possible memory leak has been fixed in sh7760fballocmem. When information such as info-screenbase is not ready, calling sh7760fbfreemem does not release the memory correctly. Instead, call dmafreecoherent...

Astra Linux – Vulnerability in the 389-DS-base

A flaw has been discovered in 389-ds-base versions 1.4.x.x prior to 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker who can view the screen or record the terminal’s standard error outpu...

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add vlan list lock to protect vlan list When adding port base VLAN, vf VLAN need to remove from HW and modify the vlan state in vf VLAN list as false. If the periodicity task is freeing the same node, it may cause "use...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpbasemss. When reading sysctltcpbasemss, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and earlier, 9.3.26 and earlier, and 9.4.16 and earlier, the server running on any operating system and Jetty version combination will display a 404 error in the output, indicating that no Context matching the requested path was found. The default server...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gstopusdecparseheader function within gstopusdec.c. The pos array is a stack-allocated buffer of size 64. If nchannels exceeds 64, the for loop will write beyond the...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character ‘’ in the string line. The pointer returned by this call ...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2readsynchuint function, located in id3v2.c. If id3v2readsynchuint is called with a null work-hdr.framedata, the pointer guint8 data is accessed without validatio...

Astra Linux – Vulnerability in slapi-nis

A flaw was discovered in slapi-nis in versions prior to 0.56.7. A NULL pointer dereferencing during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The greatest threat from this vulnerability is to system availability...

Astra Linux – Vulnerability in Node-Elliptic

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures when the hash contains at least four leading 0 bytes, and when the order of the elliptic curve’s base point is smaller than the hash, due to an truncateToN anomaly. This results in vali...

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS prior to version 2.24.0. An attacker can obtain a private key for RSA or static Diffie-Hellman through a side-channel attack targeting the generation of base blinding/unblinding values...

Astra Linux – Vulnerability in Firefox and Thunderbird

When injecting an HTML base element, some requests will ignore the CSP’s base-uri settings and instead accept the base-uri setting of the injected element. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Astra Linux – Vulnerability in Linux

In various methods of kernel-based drivers, there is a possibility of an out-of-bounds write due to a heap buffer overflow. This could lead to a local escalation of privileges, requiring system execution privileges. User interaction is not required for exploitation. Product: Android Versions:...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...

Astra Linux – Vulnerability in GhostScript

In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...