35246 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double-free caused by devm The clock obtained through devm_clk_get_enabled is automatically managed by devres. It will be disabled and freed when the driver is detached. Manual calls to clk_disable_unprepare in th...
Astra Linux - vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided “reason” phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML on the default error page where it could be used for XSS attacks. This...
Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fpga: fixed a potential null pointer dereferencing in fpga_mgr_test_img_load_sgt The fpga_mgr_test_img_load_sgt function allocates memory for sgt using kunit_kzalloc. However, it does not check whether the allocation fails. It then passe...
Astra Linux - vulnerability in python-tornado
In Tornado before version 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments of RequestHandler.set_cookie were not checked for crafted characters...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: igc: Do not fail igc_probe on LED setup errors When igc_led_setup fails, igc_probe also fails, leading to a kernel panic in free_netdev. This occurs because unregister_netdev is not called. This behavior can be tested using the...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: For the clk subsystem, in the qcom module, there is an issue where gcc-sm6350 uses parent_map for two clocks that actually don’t exist. If a clk_rcg2 has a parent, it should also have the parent_map property defined. Otherwise, a...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply framework is not actually designed to have long references to power_supply devices in the kernel. Specifically, unregistering a power_suppl...
Astra Linux - vulnerability in ffmpeg
FFmpeg n7.0 is affected by a double-free issue through the rkmpp_retrieve_frame function in libavcodec/rkmppdec.c...
Astra Linux - vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: pxa25x_udc: Fixed a memory leak that occurred when using debugfs_lookup. When calling debugfs_lookup, the result must be processed by calling dput; otherwise, a memory leak will occur over time. To simplify things, simp...
Astra Linux - vulnerability in ffmpeg
Buffer overflow vulnerability in FFmpeg 4.2, located in the convolution_y_10bit section of libavfilter/vf_vmafmotion.c, which could allow a remote malicious user to cause a Denial of Service attack...
Astra Linux - vulnerability in twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the USB sleep clocks are disabled, the clock framework attempts to disable the sleep clock source as well. However, it seems that this attempt fails, resulting in the following...
Astra Linux - vulnerability in qt4-x11
An issue was discovered in Qt between versions 5.12.9, 5.13.x, and 5.15.x up to 5.15.1. The read_xbm_body function in gui/image/qxbmhandler.cpp has a buffer over-read issue...
Astra Linux - vulnerability in exim4
Before version 4.97.1, Exim allowed SMTP smuggling in certain pipeline/chunking configurations. Remote attackers could use a known exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Exim...
Astra Linux - vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and earlier use an inefficient algorithm when parsing parameters for HTTP header values, which may lead to Denial-of-Service attacks. The _parseparam function in httputil.py is used to parse specific HTTP header...
Astra Linux - vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vf_vmafmotion.c, within the convolution_y_8bit module. This vulnerability could allow a remote malicious user to cause a Denial of Service attack...
Astra Linux - vulnerability in ffmpeg
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2, specifically in the libavcodec/get_bits.h file, during the process of writing .mov files. This vulnerability may lead to memory corruption and other potential issues...
Astra Linux - vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. No users are affected as long as they follow...
Astra Linux - vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vf_floodfill.c. This vulnerability may lead to memory corruption and other potential issues...