21931 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error. The function move_dirty_folio_in_page_array() was created by the commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method"). The code for this function was moved from...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: skb: Fixed the cross-cache free of KFENCE-allocated skb heads. The value of SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g., 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This...
Astra Linux - vulnerability in unbound
NLnet Labs Unbound, including version 1.16.1, is vulnerable to a new type of “ghost domain name” attack. The vulnerability operates by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain,...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fixed a race condition when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swap the same entry at the same time, they may obtain different pages A, B. Before one thread T0 finishe...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed the issue of a reference leak during queue teardown in version 2. The user mode queue maintains a pointer to the most recent fence in userq->last_fence. This pointer retains an additional dma_fence reference...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm: Use memalloc_nofs_save() in page_cache_ra_order(). See commit f2c817bed58d (“mm: Use memalloc_nofs_save in readahead path”). Ensure that page_cache_ra_order() does not attempt to reclaim file-backed pages too often, as this can lead to a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fixed the allocation of the cleanest CLOSID on platforms without monitors. Commit: 6eac36bb9eb0 “x86/resctrl: Allocate the cleanest CLOSID by searching for the CLOSID with the fewest dirty cache lines” Added logic th...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fixed invalid dereferencing of indirect CCW data pointers. The issue involved fixing invalid dereferencing of indirect CCW data pointers in the dasd_eckd_dump_sense function. This caused kernel panic in certain error case...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the net: sock code, there is a fix for a panic that occurs in the sock_recv_errqueue function when the hardened usercopy feature is enabled. The skbuff_fclone_cache structure was created without defining a usercopy region...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, do not delay the execution of dst_entries_add within dst_release. - dst_entries_add uses per-core data that might be freed during the dismantling of ip6_route_net_exit, by calling dst_entries_destroy. Before...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: A NULL pointer dereferencing issue was addressed when splitting folio objects. The commit c010d47f107f “mm: thp: splitting huge pages into lower-order pages” introduced a preliminary check on the order of the folio...
Astra Linux - vulnerability in python-django, python2.7
Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parse_qsl” and “urllib.parse.parse_qs”. This vulnerability occurs du...
Astra Linux - vulnerability in squid
In versions 4.14 and 5.x through 5.0.5, in some configurations, the Squid vulnerability allows information disclosure due to an out-of-bounds read in the WCCP protocol data. This vulnerability can be exploited as part of a chain for remote code execution, as there is no one to stop such attacks...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Call invalidate_cache only if implemented. Many filesystems such as NFS and Ceph do not implement the invalidate_cache method. On those filesystems, if writing to the cache (NETFS_WRITE_TO_CACHE) fails for some reason, the kernel...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a memory leak in fib6_rule_suppress. The kernel causes a memory leak when a fib rule is present in IPv6 nftables firewall rules, and when a suppress_prefix rule is present in the IPv6 routing rules used by certain tools...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm: cachestat: fixed two shmem bugs. When cachestat on shmem overlaps with swapping and invalidation, there are two possible bugs: 1) A swapin error may result in a corrupted swap entry in the shmem inode’s xarray. Calling...
Astra Linux - vulnerability in linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmem_cache_destroy() in the dm_integrity_init() error path. Otherwise, the journal_io_cache will be leaked if dm_register_target() fails...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fixed a deadlock in r5l_exit_log. The commit b13015af94cf “md/raid5-cache: Clear conf->log after finishing work” introduced a new problem: // The caller holds reconfig_mutex r5l_exit_log flush_work(&log->disable_writeback_wo...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: F2FS: Invalidating the dentry cache when whiteout creation fails. F2FS allows for the mounting of file systems with corrupted directory depth values that are clamped to MAX_DIR_HASH_DEPTH at runtime. When RENAME_WHITEOUT operations ar...
Astra Linux - vulnerability in python-bottle
Packages from versions 0 and before 0.12.19 are vulnerable to Web Cache Poisoning, due to a mechanism called “parameter cloaking”. When attackers can separate query parameters using a semicolon ;, they can create a discrepancy in the interpretation of requests between the proxy running with defau...