Astra Linux - уязвимость в libssh

A flaw was discovered in the libssh API function sshscpnew, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

Astra Linux - уязвимость в emacs

A command injection flaw was discovered in the text editor Emacs. This flaw could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirec...

Astra Linux - уязвимость в qemu

A flaw was discovered in the QEMU implementation of VMWare’s paravirtual RDMA device. The issue arises when handling the “PVRDMACMDCREATEMR” command due to improper memory remapping mremap. This flaw allows a malicious guest to crash the QEMU process on the host. The greatest threat posed by this...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Added a bounds check on patindex to prevent out-of-bounds kernel reads in madvise. When the user provides a bogus patindex value through the madvise IOCTL, the xepatindexgetcohmode function performs an array access...

Astra Linux - уязвимость в imagemagick

ImageMagick versions before 6.9.11-40 and 7.x before 7.0.10-40 mishandle the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized, allowing additional shell commands to be injected through...

Astra Linux - уязвимость в python3.11, python3.7

The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed use-after-free issue Fixed a potential use-after-free in l2caplecommandrej...

Astra Linux – Vulnerability in snmptt

Before version 1.4.2 of SNMPTT, attackers could execute shell code through EXEC, PREXEC, or unknowntrapexec...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: hinic: fixed the issue of CMDQ memory leaks. When hinicsetcmdqdepth fails in hinicinitcmdqs, the CMDQ memory is not released correctly. This issue has been fixed...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fixed a flow memory leak in ovsflowcmdnew Syzkaller reported a memory leak in ovsflowcmdnew, as the memory allocated for the flow command does not get freed when an allocation fails. Bug: Memory leak. Unreferenc...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fixed a possible NULL pointer dereference in ufshcdaddcommandTrace. The kernel log indicates a crash in ufshcdaddcommandTrace due to a NULL pointer dereference when accessing hwq-id. This can occur if...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw exists in the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue arises from the lack of proper locking when performing operations on an object. An attacker can...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: removing redundant scheduler job cleanup when CS aborts Once the command submission fails due to an invalid userptr in amdgpucssubmit, legacy code will perform cleanup of scheduler jobs. However, this is completely...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: ucsiacpi: The command completion timeout has been increased. The commit 130a96d698d7 “usb: typec: ucsi: acpi: Increase command completion timeout value” increased the timeout from 5 seconds to 60 seconds due to issues relate...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device; this value can be any number between 0 and 255. To prevent out-of-bounds access, a...

Astra Linux - уязвимость в librabbitmq

A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fixed a memory leak in amdpmcstbdebugfsopenv2. The function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism is enabled. When amdpmcsendcmd fails, the ‘buf’ variable needs to be released...

Astra Linux - уязвимость в wheel

A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...