Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Only send -ENOTCONN status if the client driver is available. For the STOP and RESET commands, only send the channel disconnect status -ENOTCONN if the client driver is available. Otherwise, it will result in a null...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fixed the field masks for the GENERICCMD register for IPA v5.0+. The field masks have been adjusted to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably, this fixes a warning that ...

Astra Linux - уязвимость в exuberant-ctags

A flaw was discovered in Exuberant Ctags regarding its handling of the "-o" option. This option specifies the tag filename. A specially crafted tag filename, specified either in the command line or in the configuration file, can lead to arbitrary command execution. This occurs because the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed leaks when hcicmdsyncqueueonce fails When hcicmdsyncqueueonce returns an error, the destroy callback will not be called. Fixed the issue of leaking references/memory in cases where this error occurs...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can cause a new line to be inserted into a spool header file, thereby indirectly allowing unauthenticated...

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: asixmdioread: Fix for uninit-value in asixmdioread. asixreadcmd may read less than sizeofsmsr bytes, and in this case, smsr will be uninitialized. Failure logs: BUG: KMSAN: uninit-value in asixcheckhostenable...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: Fixed a race condition in hcicmdsyncclear. There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, which could lead to use-after-free issues. For example, hcicmdsyncwork is added to the...

Astra Linux - уязвимость в openssh

In SSH in OpenSSH before version 9.6, OS command injection could occur if a user name or host name contained shell metacharacters, and this name was referenced by an expansion token in certain situations. For example, a untrusted Git repository might contain a submodule with shell metacharacters ...

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier versions, and 2.9.5 and earlier versions. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node...

Astra Linux - уязвимость в vim

This issue was used after the “free” keyword in the appendcommand function in the GitHub repository’s Vim/Vim version prior to 8.2.4895. This vulnerability can cause software to crash, as it involves bypassing the protection mechanism, modifying memory, and potentially enabling remote execution...

Astra Linux - уязвимость в qemu

A out-of-bounds write vulnerability was discovered in the virtio vhost-user GPU device vhost-user-gpu of QEMU in versions up to and including 6.0. This flaw occurs during the processing of the ‘VIRTIOGPUCMDGETCAPSET’ command from the guest. It could allow a privileged guest user to crash the QEMU...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed a possible use-after-free in the async command interface The mlx5cmdcleanupasyncctx function should only return after all its callback handlers are completed. Before this patch, there was a race between...

Astra Linux - уязвимость в openssl

The crehash script does not properly sanitize shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner that it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Input: iforce – wakes up after clearing the IFORCEXMITRUNNING flag. The syzbot reports a hung task at inputunregisterdevice, where iforceclose waits in waiteventinterruptible, with dev-mutex held, blocking inputdisconnectdevice...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or cause the server to crash, resulting in a denial of service attack. This vulnerability exists in all...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, the completion wait timeouts occur randomly because the cmdsemval field was incremented outside of the IOMMU spinlock...

Astra Linux - уязвимость в ansible

A vulnerability was discovered in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, and 2.7.x before 2.7.16 and earlier. In these versions, the nxosfilecopy module of Ansible can be used to copy files to the flash or bootflash on NXOS devices. Malicious code could manipulate the...

Astra Linux - уязвимость в emacs

A vulnerability was discovered in GNU Emacs through version 28.2. The htmlfontify.el script has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir parameters come from external inputs, and these parameters are not escaped properly. If a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed “ksmbd: validate command payload size”, except for the SMB2OPLOCKBREAKHE command, the request size of other commands is not checked—this is not expected. This issue was...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: Fixed a race condition between iouringcmdcompleteintask and ublkCancelCmd. The ublkCancelCmd function calls iouringcmdDone to complete the uring command. However, we might have scheduled task operations via...