Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smackfs: Restrict bytes count in smksetcipso Oops, I failed to update the subject line. From: 07571157c91b98ce1a4aa70967531e64b78e8346 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: PATCH smackfs: Restrict bytes count in...

Astra Linux - уязвимость в haproxy

A vulnerability related to information leaks was discovered in HAProxy versions 2.1, 2.2 before 2.2.27, 2.3, and 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, and 2.7 before 2.7.1. There are 5 bytes that are not initialized in the connection buffer when encoding the FCGIBEGINREQUEST...

Astra Linux - уязвимость в binutils

A vulnerability, classified as problematic, was discovered in GNU Binutils up to version 2.43. This vulnerability affects the disassemblebytes function in the file binutils/objdump.c. Manipulation of the buf argument leads to a stack-based buffer overflow. The attack can be initiated remotely. Th...

Astra Linux - уязвимость в rustc

In the standard library of Rust before 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fixed an issue where PCM OSS buffer allocation might overflow. We have received reports of situations where INTMAX is exceeded during memory allocation using vmalloc. This issue occurs when the sndpcmplugalloc function...

Astra Linux - уязвимость в openssl

Issue Summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes may leave the final partial block unencrypted and unauthenticated. Impact Summary: The last 1–15 bytes of a message may be exposed in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: spi-mem: A fix was added to avoid a division error. For some SPI flash memory operations, dummy bytes are not required. For example, in Winbond SPINAND flash memory devices, the writecache and updatecache operations do not...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: NFS: Do not corrupt the value of pgbyteswritten in nfsdorecoalesce The value of mirror-pgbyteswritten should only be updated after a successful attempt to flush out the requests on the list...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mtreportfixup A malicious HID device can trigger a slab out-of-bounds during mtreportfixup by passing in a report descriptor that is smaller than 607 bytes. mtreportfixup attempts...

Astra Linux - уязвимость в cups-filters

“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. In “cups-filters” before version 1.28.18, an attacker could create a PDF file with a high value for “MediaBox”, causing the “pdftoraster” tool in...

Astra Linux - уязвимость в p7zip

The NtfsHandler.cpp NTFS handler in 7-Zip before version 24.01 for 7zz contains a heap-based buffer overflow vulnerability. This vulnerability allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512i-2, where i ranges from 9, 10, 11, etc...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: usb: aqc111: Fixed error handling of usbnet read calls Syzkaller, with the help of syzbot, identified an error in the aqc111 driver. This error was caused by incomplete sanitization of the results of usbnet read calls. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls. The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa – Mitigation of integer overflows in DIVROUNDUP. Herbert notes that DIVROUNDUP may cause overflows unnecessarily if the -keysize callback of an ecdsa implementation returns an unusually large value. Instead, Herbert...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protection against buffer overflows in struct qibusersdmapkt fields Overflows in addrlimit or bytestogo can allow the user space to trigger a buffer overflow of kernel memory. Check for overflows in all places where...

Astra Linux - уязвимость в python-rsa

In Python-RSA before version 4.1, leading '\0' bytes are ignored during the decryption of ciphertext. This could potentially have security-related implications, such as allowing an attacker to infer that an application uses Python-RSA. Alternatively, the length of the accepted ciphertext may affe...

NLnet Labs Unbound 缓冲区错误漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.6.2 to 1.25.0 of NLnet Labs Unbound, there is a buffer error vulnerability. This vulnerability stems from a potential stack overflow during the DNSCrypt packet reading process. Malicious attackers can...

kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg The current sk memory accounting logic in SKREDIRECT is pre-uncharging tosend bytes, which is either msg-sg.size or a smaller value applybytes. Potential problems with this...

CLSA-2026-1779125894 php: Fix of 7 CVEs

CVE-2026-7258: fix out-of-bounds read in urldecode via signed-char to ctype.h GHSA-m8rr-4c36-8gq4 - CVE-2026-6722: fix stale SOAPGLOBAL refmap pointer with Apache Map GHSA-85c2-q967-79q5 - CVE-2026-7259: fix null pointer dereference in phpmbcheckencoding via mberegsearchinit GHSA-wm6j-2649-pv75 -...

CLSA-2026-1779123410 jq: Fix of 8 CVEs

CVE-2026-40164: randomize hash seed to mitigate hash collision DoS - CVE-2026-40612: limit containment check depth - CVE-2026-41256: fix NUL truncation in program files loaded with -f - CVE-2026-41257: fix signed-int overflow in stackreallocate - CVE-2026-43894: cap numeric literal length to...