9198 matches found
Astra Linux – Vulnerability in rabbitMQ-server
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI through the rabbitmqfederationmanagement plugin, its consumer tag was rendered without proper tag sanitization. This potentially allows for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: A crash occurred during the disabling of turbo mode. When the system is booted with the kernel command line arguments “nosmt” or “maxcpus” to limit the number of CPUs, disabling turbo mode by executing: echo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a deadlock in l2capconndel. The l2capconndel function calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the functions l2capinfotimeout and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in an atomic context. The following bug report occurred with the PREEMPTRT kernel: - Bug: A sleeping function was called from an invalid context at...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Upon startup, Redis begins listening on Unix sockets before adjusting its permissions according to the user-provided configuration. If a permissive umask value is used, this can create a race condition that allows another process to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - ice: xsk: disabling TXQ interrupts before flushing hardware settings. - iceqpdis attempts to stop a given queue pair that is a target of xsk pool attach/detach. One of the steps involved disabling interrupts on these queues...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: scsi: smartpqi: Fix for disablemanagedinterrupts The issue with the registration of blk-mq using the module parameter “disablemanagedinterrupts” was corrected. When we disable the default PCIIRQAFFINITY flag, the driver needs ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clk: Get runtime PM before walking the tree during disableunused. Doug reported 1 the following hung task: INFO: task swapper/0:1 was blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 1 “echo 0...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: QCA8K: resetting the CPU port when the MTU changes. It was discovered that the documentation lacks a fundamental detail regarding how to correctly change the MAXFRAMESIZE of the switch. In fact, if the MAXFRAMESIZE...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/lima: Fix for shared interrupt handling during driver removal. lima uses a shared interrupt; therefore, the interrupt handlers must be prepared to be called at any time. During driver removal, the clocks are disabled early, a...
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials during error handling allowed information disclosure. This vulnerability allowed scripts to bypass browser security protections and obtain the credentials used by trusted...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: equilibrium: fixed the warning trace on load The callback functions ‘eqbrirqmask’ and ‘eqbrirqack’ are also called in the callback function ‘eqbrirqmaskack’. This is done to avoid source code duplication. The problem ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Disable the elevator delgendisk. The elevator is only used for file system operations, which are halted during delgendisk. Disabling the elevator and freeing the scheduler tags should be moved to the end of delgendisk,...
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disabling trampoline for kernel module function tracing The current implementation of BPF trampoline in LoongArch is incompatible with tracing functions in kernel modules. This causes several serious and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fixed the NULL crash caused by the shrinker function when cgroupdisable=memory is set. Christian reported a NULL dereference in zswap; he was able to trace the issue back to the zswap shrinker function. This issue also...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: - spi: rockchip: Fixed improper handling of runtime PM/system PM operations. The commit e882575efc77 “spi: rockchip: Suspend and resume the bus during NOIRQSYSTEMSLEEPPM ops” no longer respects the runtime PM status and simply...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Thermal: Intel: HFI – Added syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remain...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the f2fsbugon when uninstalling the filesystem, specifically the call to f2fsevict inode. Creating large files during the checkpoint disabling period results in insufficient free segments. When writing back the root...
Astra Linux – Vulnerability in rabbitMQ-server
RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution...