Astra Linux - уязвимость в glibc

nscd: Stack-based buffer overflow in netgroup cache If the fixed-size cache of the Name Service Cache Daemon nscd is exhausted due to client requests, then a subsequent client request for netgroup data may lead to a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cach...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fixed cache corruption in regcachemaple Drop. When retaining the upper bound of a cache block entry, the entry array must be indexed by the offset from the base register of the block, i.e., max - mas.index. The...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: A missing check was fixed to avoid NULL dereferencing. cacheent could potentially be set to NULL inside virtiogpucmdgetcapset, which would lead to a NULL dereferencing due to its recent use i.e., ptr =...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: removed BUGON functions in addnewfreespace In addnewfreespace, there are BUGON functions that are used to handle any failures in adding free space to the in-memory free space cache. Such failures are mostly due to ENOME...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: arm64: Errata: Add a workaround for speculative unprivileged loads on Cortex-A520. Implement the workaround according to erratum 2966298 for ARM Cortex-A520. On an affected Cortex-A520 core, a speculative unprivileged load may le...

Astra Linux - уязвимость в bind9

Every named instance configured to run as a recursive resolver maintains a cache database that holds the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; i...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for the inode of free space during a write error. While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. The assertion failed:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: In the net, neigh module, do not trigger immediate probes on NUDFAILED from neighmanagedwork. The syzkaller was able to trigger a deadlock for NTFMANAGED entries: - kworker/0:16/14617 is trying to acquire a lock: -...

Astra Linux - уязвимость в chromium

The incorrect security UI in BFCache in Google Chrome prior to version 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в sssd

A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...

Astra Linux - уязвимость в chromium

A heap buffer overflow in BFCache in Google Chrome prior to version 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm, swap: Fixed a potential UAF issue related to VMA readahead. Since commit 78524b05f1a3 “mm, swap: avoiding redundant swap device pinning”, the common helper function for allocating and preparing a swap entry in the swap cache...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for out-of-bounds punch offset Punching a hole with a start offset that exceeds maxend is not allowed. This will result in a negative length in the truncateinodepartialfolio function when truncating the page cache,...

Astra Linux - уязвимость в mbedtls

Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...

Astra Linux - уязвимость в qemu

A flaw was discovered in the memory management API of QEMU during the initialization of a memory region cache. This issue could lead to an out-of-bounds write access to the MSI-X table while performing MMIO operations. A malicious user could exploit this flaw to crash the QEMU process on the host...

Astra Linux - уязвимость в linux, linux-5.15

A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...

Astra Linux - уязвимость в linux, linux-5.10

A vulnerability has been discovered in the Linux kernel and is classified as critical. The affected part of the code is the function areacacheget in the file drivers/net/ethernet/netronome/nfp/nfpcore/nfpcppcore.c, belonging to the IPsec component. This vulnerability occurs due to improper memory...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Split the initial and dynamic conditions for extentcache. Let’s allocate the extentcache tree without dynamic conditions to avoid a panic caused by a missing condition, as shown below. Create a file with a compressed fla...

Astra Linux - уязвимость в squid

Squid is a caching proxy for the Web. Due to a bug related to expired pointer references, Squid versions prior to 6.6 were vulnerable to a Denial of Service attack targeting error responses from the Cache Manager. This vulnerability allowed a trusted client to cause a Denial of Service attack by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed issues with space cache corruption and potential double allocations. When testing spacecache v2 on a large set of machines, we encountered several issues: 1. Errors of the type “unable to add free space :-17”...