github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

Vulnerabilities found in Microsoft Windows

Microsoft has published measures to address a vulnerability in Windows operating systems that could allow malicious individuals to access data encrypted via BitLocker. The vulnerability involves bypassing a security feature in Windows, known as “YellowKey”. A proof of concept is available that...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Improved error handling for ext4dirhash The ext4dirhash function almost never fails, especially since the “hash tree” feature was first introduced. However, with the addition of support for encrypted, case-folded file names...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ubifs: Memory freed for the tmpfile name When opening a ubifs tmpfile in an encrypted directory, the function fscryptsetupfilename allocates memory for the name that will be stored in the directory entry. However, after the name ...

Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the Linux kernel. The existing KVM SEV API contains a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest VM instance in an AMD CPU that supports Secure Encrypted Virtualization SEV...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Mapping EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. To prevent this memory from being reused by the kernel after ExitBootServices, efimemreserve is...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubifs: A memory leak was fixed in the dorename function. When renaming a file in an encrypted directory, the function fscryptsetupfilename allocates memory for the file name. This name is never actually used, and before returning...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2, where its configuration file, known as grub.cfg, is created with the wrong permission set, allowing non-privileged users to read its contents. This represents a minor confidentiality issue, as those users could potentially access any encrypted passwords contained i...

Astra Linux - уязвимость в docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component, known as “dockerd”, is commonly referred to as Docker. Swarm Mode is a built-in container...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Rejects attempts to synchronize VMSA of a vCPU that has already been launched/encrypted. Synchronize the vCPU state with its associated VMSA if the vCPU has already been launched, that is, if the VMSA has already been...

Astra Linux - уязвимость в docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component, “dockerd”, which was developed as “moby/moby”, is commonly referred to as Docker. Swarm Mode, whi...

Astra Linux - уязвимость в thunderbird

If a MIME-encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only certain parts of the message are protected. This vulnerability affects Thunderbird versions earlier than 78.10.2...

Astra Linux - уязвимость в edk2

The example of an encrypted private key in EDK2, present in the IpSecDxe.efi, may pose potential security risks...

Astra Linux - уязвимость в firefox, thunderbird

An attacker was able to cause memory corruption in the GMP process, which handles encrypted media. This process is also highly sandboxed, but it operates with slightly different privileges compared to the content process. This vulnerability has been fixed in Firefox 142, Firefox ESR 115.27, Firef...

Astra Linux - уязвимость в qtbase-opensource-src

A issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code that makes security-related decisions regarding established connections may execute prematurely, because the encrypted signal has not yet been...

Astra Linux - уязвимость в docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component, dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...

Astra Linux - уязвимость в thunderbird

The encrypted subject of an email message may be incorrectly and permanently assigned to another arbitrary email message in Thunderbird’s local cache. As a result, when replying to the contaminated email message, the user may accidentally expose the confidential subject to a third party. While th...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...

Astra Linux - уязвимость в linux

A vulnerability was discovered in the Linux kernel before version 5.9. Arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. This vulnerability is also known as...