RLSA-2025:3367 Important: grub2 security update

The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...

CVE-2026-40975

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

CLSA-2025-1751297888 Update of shim-signed

Make this package installable on a system having an either Cloudlinux or RHEL7 signed kernel - SBAT variables are used now...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358 – ensure that CBR is set correctly. It was discovered that some devices have the CBR address set to 0, causing kernel panic when archsyncdmaforcpuall is called. This issue occurs when the system is booted fro...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer value during the ncinputpacket call...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “Reapply ‘drm/qxl: simplify qxlfencewait’” This change reverts to the commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reported: “I tried running my tests on my virtual machines, but the tests failed upon boot-up...

Astra Linux - уязвимость в grub2

The GRUB2’s shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust-chain...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with a failed length check at nfsreadreply, when calling storeblock in the NFSv2 case...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fixed the handling of the RTAS MSRHV for the Cell architecture. The recent changes in MSR handling when entering RTAS firmware caused crashes on IBM Cell machines. An example trace is as follows: The kernel attempte...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Ensure that the IPI buffer fits within the L2TCM. The location of the IPI buffer is determined from the firmware that we load into the System Companion Processor. It is not guaranteed that both the SRAM size...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate BOOT recordsize When the NTFS BOOT recordsize field is less than 0, it represents a shift value. However, there is no sanity check on the shift result, and the sbi-recordbits calculation using blksizebits assum...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007loadencoder In go7007loadencoder, the variable bounce i.e., go-bootfw is allocated without subsequent deallocation. After the following call chain: saa7134go7007init | | - go7007bootencoder |...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fixed error handling for num-channels/ees When there is no clock specified in the device tree, there is no way to ensure that the BAM is enabled. This often occurs for remotely controlled or remotely...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mm: Move page table sync declarations to linux/pgtable.h During our internal testing, we began observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: Unable to...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Viawdt: fixed a critical boot hang caused by unnamed resource allocation. The VIA watchdog driver uses allocateresource to reserve a MMIO region for the watchdog control register. However, the allocated resource was not given a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Remove the “MHI autoqueue” feature for IPCR DL channels. The MHI stack provides the “autoqueue” feature, which allows the MHI stack to automatically queue buffers for the RX path DL channels. Although this feature...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Legacy PIC interrupts are marked with IRQLEVEL. Baoquan reported that after triggering a crash, the subsequent crash-kernel fails to boot about half of the time. This occurs due to a NULL pointer dereference in the...