Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/client: Fixed a memory leak in drm_client_modeset_probe. When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak reports: drm_mode_duplicate+0x45/0x220 drm...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a race condition that occurred due to concurrent opens during the rename(2) operation. In addition to sending the rename request to the server, the rename process also involves closing any deferred closes, waitin...
Astra Linux – Vulnerability in Golang-1.19
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With this fix, the HTTP/1 client will now refuse to send requests that contain an invalid Request.Host or Request.URL.Host value...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus_core) Fixed NULL pointer dereferencing. The i2c_client function is now used in _pmbus_is_enabled, thereby removing the assumption that a regulator device is passed as an argument. This fixes the issue of NULL pointer...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/client: fixed the null pointer dereference in drm_client_modeset_probe. In drm_client_modeset_probe, the return value of drm_mode_duplicate is assigned to modeset->mode, which may lead to a NULL pointer dereference if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Added a NULL check in automount_fullpath. The page is checked for being null in build_path_from_dentry_optional_prefix when tcon->origin_fullpath is not set. However, this check is omitted when it is set. A check was added t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...
Astra Linux – Vulnerability in gnutls28
A timing side-channel vulnerability in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be used to recover the key encrypted in the RSA ciphertext across a network, in a Bleichenbacher-style attack. To successfully decrypt the data, the attacker would...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies. On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed issue where reference counting of @ses was missed. Use the new cifs_smb_ses_inc_refcount helper function to obtain an active reference to @ses and @ses->dfs_root_ses (if set). This will prevent @ses->dfs_root_ses from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/client: Do not destroy NULL modes. The modes in drm_client_modeset_probe may fail to be allocated using kcalloc. If this occurs, we jump to out, and modes_destroy is called on it. This action will dereference modes. This could...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: w1: fixed NULL pointer dereferencing in the probe. The w1_uart_probe function calls w1_uart_serdev_open, which includes devm_serdev_device_open, before setting the client ops via serdev_device_set_client_ops. This order can lead to a NULL...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a malicious RDP server could trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. The audin_process_formats function reuses the callback->formats_count...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed an oops due to uninitialized variables in smb2_unlink. If SMB2_open_init or SMB2_close_init fails (e.g., due to reconnection), the iovs structure @rqst may remain uninitialized. As a result, calling SMB2_open_free,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fixed an out-of-bounds read in cifs_sanitize_prepath. When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 - 1) before...
Astra Linux – Vulnerability in isc-dhcp
In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 (Other branches of ISC DHCP (e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series) are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...
Astra Linux – Vulnerability in PostgreSQL 11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the URBDRC client used server-supplied interface numbers as array indices without bounds checks, resulting in an out-of-bounds read in libusb_udev_select_interface. This vulnerability has been fixed in version...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential use-after-free (UAF) in smb2_is_network_name_deleted. Skipped sessions that are being terminated (status == SES_EXITING) to avoid UAF...