22328 matches found
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: skb: Fixed the cross-cache free of KFENCE-allocated skb heads. The value of SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g., 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fixed invalid dereferencing of indirect CCW data pointers. The issue involved fixing invalid dereferencing of indirect CCW data pointers in the dasd_eckd_dump_sense function. This caused kernel panic in certain error case...
Astra Linux - Vulnerability in chromium
The use of BFCache in Google Chrome before version 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - Vulnerability in thunderbird
The encrypted subject of an email message may be incorrectly and permanently assigned to another arbitrary email message in Thunderbird’s local cache. As a result, when replying to the contaminated email message, the user may accidentally expose the confidential subject to a third party. While th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: calling btrfsremovefreespacecachelocked on cache load failure. Now that lockdep is kept enabled throughout our CI processes, I noticed the following stack trace in generic/475: ------------ Cut here --- WARNING: CPU: 1 PID:...
Astra Linux - Vulnerability in guava-libraries
There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...
Astra Linux – Vulnerability in Flask
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client’s session...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: dm cache: Fixed UAF in destroy. Dm_cache also has the same UAF issue when dm_resume and dm_destroy are executed concurrently. Therefore, the timer is cancelled again in destroy...
Astra Linux - Vulnerability in gnupg1
Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mm/shmem: Disabling the PMD-sized page cache if needed. For shmem files, it’s possible that the PMD-sized page cache cannot be supported by xarray. For example, a 512MB page cache on ARM64 when the base page size is 64KB cannot...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks error. The function move_dirty_folio_in_page_array was created by the commit ce80b76dd327 "ceph: introduce ceph_process_folio_batch method". The code for this function was moved from...
Astra Linux - Vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the net: sock section, there is a fix for a panic that occurs during the sock_recv_errqueue function when the hardened_usercopy feature is enabled. The skbuff_fclone_cache structure was created without defining a usercopy region...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference leak in nfsd4_add_rdaccess_to_wrdeleg. The nfsd4_add_rdaccess_to_wrdeleg function overwrites fp->fi_fds[O_RDONLY] unconditionally with a newly acquired nfsd_file. However, if the client already has a SHAREACCESSREA...
Astra Linux - Vulnerability in unbound
NLnet Labs Unbound, including version 1.16.1, is vulnerable to a new type of “ghost domain name” attack. The vulnerability operates by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain,...
Astra Linux - Vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fixed a race condition when skipping swapcache. When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swap the same entry at the same time, they may obtain different pages A, B. Before one thread T0 finishe...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting the link when performing LT automation. REASON: The last LT automation update could cause a crash by referencing current_state and calling dc_update_planes_and_stream, which might corrupt...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: move the initialization of the reply cache counters back into nfsd_init_net. The commit f5f9d4a314da “nfsd: move the reply cache initialization into nfsd startup” moved the initialization of the reply cache into nfsd...
Astra Linux - Vulnerability in python-django, python2.7
Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parse_qsl” and “urllib.parse.parse_qs”. This vulnerability occurs du...
Astra Linux - Vulnerability in linux, linux-5.10
Certain Arm Cortex and Neoverse processors, as of 2022-03-08, do not properly prevent cache speculation, also known as Spectre-BHB. Attackers can exploit the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. As a result, cache allocation may allow attacker...
Astra Linux - Vulnerability in bind9
BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0. BIND supports the following preview editions: 9.11.4-S1 - 9.11.36-S1, 9.16.8-S1 - 9.16.26-S1. Versions of BIND 9 that are earlier than those shown—going back to 9.1.0, including the supported preview editions—are also believed to be affected, b...