Astra Linux - уязвимость в squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack targeting all clients using the proxy. A client sends an HTTP Range request to trigger this vulnerability...

Astra Linux - уязвимость в djvulibre

A out-of-bounds write vulnerability was discovered in DjVuLibre, specifically in the function DjVU::DjVuTXT::decode in DjVuText.cpp. A crafted DjVU file can trigger this issue, leading to a crash or segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: The BUG function call has been removed after failing to insert a delayed directory index entry. Instead of calling BUG when we fail to insert a delayed directory index entry into the delayed node’s tree, we can simply...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: A mistake in the devmkfree function has been fixed. 'pclk' is an array allocated just before the for loop for all clk elements that need to be registered. This array is incremented at each loop iteration...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the pfnswapentrytopage function within the memory management subsystem of the Linux kernel. In this flaw, an attacker with local user privileges may cause a denial-of-service attack due to a BUG statement that references pmdt x...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: lib/fonts: Fixed undefined behavior in bit shifting for getdefaultfont. Shifting a signed 32-bit value by 31 bits is undefined; therefore, the significant bit was changed to unsigned. The UBSAN warning “calltrace” is as follow...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ext4: Add a check for reserved GDT blocks We have identified a NULL pointer issue when resizing a corrupted ext4 image that has recently had the resizeinode feature disabled without running e2fsck. This issue can be reproduced by...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in dbFindLeaf. Currently, when searching for dmtreet to find sufficient free blocks, there is a situation where an array index goes out of bounds during the retrieval of elements from...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: arm64/mm: fixed an issue where incorrect filemapcount values were stored for non-leaf pmd/puds. The page table check trigger BUGON occurred unexpectedly when collapsing hugepages. ---------- Cut here ------------ Kernel BUG at...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

Astra Linux - уязвимость в tiff

LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 3592 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious tiff file. For users who compile LibTIFF from source code, the fix is available in the comm...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Split the initial and dynamic conditions for extentcache. Let’s allocate the extentcache tree without dynamic conditions to avoid a panic caused by a missing condition, as shown below. Create a file with a compressed fla...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevented a kernel bug in submitbhwbc A bug has been fixed where nilfsgetblock returns a successful status when searching for and inserting the specified block both times fail inconsistently. If this inconsistent behavior...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: jbd2: Avoid the bugon in jbd2journalgetcreateaccess when the file system is corrupted. The issue occurs when the file system is corrupted: ------------ Cut here --- Kernel BUG at fs/jbd2/transaction.c:1289! Oops: Invalid opcod...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed a race condition in devmap on PREEMPTRT kernels. On PREEMPTRT kernels, the per-CPU xdpdevbulkqueuebq can be accessed concurrently by multiple preemptible tasks on the same CPU. The original code assumes that bqenque...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: zonefs: fixed zonefsiomapbegin for reads. If a readahead operation is issued on a sequential zone file with an offset that exactly equals the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent any I/O...

Astra Linux - уязвимость в chromium

Before version 94.0.4606.71, using Safebrowsing in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: Ensure waiting for page writeback in memoryfailure. Our syzkaller triggers "BUGON!listempty&inode-iwblist" in clearinode: - Kernel bug at fs/inode.c:519: Internal error; Oops – Bug: 0 1 SMP. - Modules linked in...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fixed the BUGON in the probe function. The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following issue: 9.625915 ------------ Cut here ----------...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: afalg – Fixed an issue where initialisation was missing, affecting gcm-aes-s390. Fixed the afalgallocareq function to initialize areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl...