8107 matches found
Astra Linux - vulnerability in cups
OpenPrinting CUPS is an open-source printing system. In versions 2.4.2 and earlier, a heap buffer overflow vulnerability existed, which allowed a remote attacker to launch a denial-of-service (DoS) attack. This vulnerability was present in the format_log_line function. Exploitation of this...
Astra Linux - vulnerability in ansible
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, and ansible-engine 2.6.19 were logging at the DEBUG level. This led to the disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crash_dump: Do not log the bytes of the dm-crypt key in read_key_from_user_keying. When debug logging is enabled, read_key_from_user_keying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fixed an issue where the peer_id of 0 was not found when the connection was disconnected. There is a failure log for this issue, located at ath11k_dp_rx_process_mon_status. When debug_mask is not set to ATH11K_DBG_DATA, no l...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: jfs: xattr: fixed buffer overflow for invalid xattr values. When the xattr size is not as expected, it is printed out to the kernel log in hexadecimal format as a form of debugging. However, when that xattr size is larger than...
Astra Linux - vulnerability in binutils
Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the display_debug_section function in the readelf.c file...
Astra Linux - vulnerability in linux-6.1, linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free bug in cifs_debug_data_proc_show. Skipped SMB sessions that are being terminated (e.g., @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show to avoid use-after-free in @ses. This fixes the...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization. When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. This fault condition should be...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: dma-debug: Do not call __dma_entry_alloc_check_leak under free_entries_lock. __dma_entry_alloc_check_leak calls into printk, which results in serial console output (qcom geni). It also grabs port->lock under free_entries_lock. This involves a...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: time/debug: A memory leak was fixed by using debugfs_lookup. When calling debugfs_lookup, the result must be processed with dput, otherwise a memory leak will occur over time. To simplify things, simply call debugfs_lookup_and_remove,...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: Ensure NUL termination. The iwl_fw_ini_debug_info_tlv is used as a string; therefore, we must ensure that the string is terminated correctly before using it...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: ath12k: Fixed NULL access in the assignchannelcontexthandler function. Currently, when the ath12k_mac_assign_vif_to_vdev function fails, the radio handle is accessed from the link VIF handle (arvif) for debugging purposes. Thi...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Set the correct AMDGPU sg segment limitation. The driver needs to set the correct max_segment_size; otherwise, debug_dma_map_sg will complain about the over-mapping of the AMDGPU sg length as follows: WARNING: CPU: 6 PID:...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid a system hang caused by debug registers when suspended. Attempting to read /sys/kernel/debug/dri/1/hdmi1_regs when the HDMI connection is disconnected results in a fatal system hang. This issue arises due to...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: mm: resolve faulty mmap_region behavior. The mmap_region function is quite problematic; its control flow is complex and messy, and there are numerous ways in which issues can arise. This...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the bpf code, the spacketpullreason function may trigger a “splat” instruction. This issue occurs frequently in syzkaller builds where CONFIG_DEBUG_NET=y is enabled. We want to retain this debug check because it might indicate...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fixed a memory leak when CONFIG_DEBUG_OBJECTS=y is enabled. After a pci_doe_task completes, its work_struct needs to be destroyed to avoid a memory leak when CONFIG_DEBUG_OBJECTS=y is set...
Astra Linux - vulnerability in etcd
An authentication vulnerability has been discovered in Etcd-io v.3.4.10. This vulnerability allows remote attackers to escalate privileges through the debug function...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mptcp: handle DSS corruption consistently. The buggy peer implementation can send corrupted DSS options, consistently causing several warnings in the data path. Use DEBUG_NET assertions to avoid errors on some builds and to handl...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a deletion race condition. A system crash occurred when using the debug kernel due to corruption of the link list. The cause of the link list corruption was that session deletion was allowed to be queued...