35248 matches found
Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fpga: fixed a potential null pointer dereferencing in fpga_mgr_test_img_load_sgt. The fpga_mgr_test_img_load_sgt function allocates memory for sgt using kunit_kzalloc. However, it does not check whether the allocation fails. It then passe...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: For the clk subsystem, in the qcom module, there is an issue where gcc-sm6350 uses parent_map for two clocks that actually doesn’t exist. If a clk_rcg2 has a parent, it should also have the parent_map property defined. Otherwise, a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igc_probe on LED setup errors. When igc_led_setup fails, igc_probe also fails, leading to a kernel panic in free_netdev. This occurs because unregister_netdev is not called. This behavior can be tested using the...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered. The power_supply framework is not actually designed to have long references to power_supply devices in the kernel. Specifically, unregistering a power_suppl...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm. The clock obtained through devm_clk_get_enabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clk_disable_unprepare in th...
Astra Linux - vulnerability in ffmpeg
FFmpeg n7.0 is affected by a double-free issue through the rkmpp_retrieve_frame function in libavcodec/rkmppdec.c...
Astra Linux - vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided “reason” phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML on the default error page where it could be used for XSS attacks. This...
Astra Linux - vulnerability in python-tornado
In Tornado before version 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments of RequestHandler.set_cookie were not checked for crafted characters...
Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.10, and in versions 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion...
Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src
In Qt versions prior to 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there may be an application crash in QXmlStreamReader due to a crafted XML string, causing a situation where a prefix is greater than a certain length...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25x_udc: Fixed a memory leak that occurred when using debugfs_lookup. When calling debugfs_lookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...
Astra Linux - vulnerability in ffmpeg
Buffer overflow vulnerability in FFmpeg 4.2, located in the convolution_y_10bit section of libavfilter/vf_vmafmotion.c, which could allow a remote malicious user to cause a Denial of Service attack...
Astra Linux - vulnerability in linux-5.10, linux
A vulnerability has been identified in the Linux kernel. It has been declared as problematic. The function “follow_page_pte” in the file “mm/gup.c” of the component BPF is affected by this vulnerability. This manipulation leads to a race condition. The attack can be launched remotely. It is...
Astra Linux - vulnerability in twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src. Once the USB sleep clocks are disabled, the clock framework attempts to disable the sleep clock source as well. However, it seems that this attempt fails, resulting in the following...
Astra Linux - vulnerability in qtbase-opensource-src
In Qt 5.9.x through 5.15.x before 5.15.9, and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH...
Astra Linux - vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vf_floodfill.c. This vulnerability may lead to memory corruption and other potential issues...
Astra Linux - vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. No users are affected as long as they follow...
Astra Linux - vulnerability in ffmpeg
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the libavcodec/get_bits.h file, during the process of writing .mov files. This vulnerability may lead to memory corruption and other potential issues...