Astra Linux - уязвимость в mariadb-10.3

It has been discovered that MariaDB Server v10.9 and earlier contains a use-after-free issue due to the Binarystring::freebuffer function at the /sql/sqlstring.h component...

Astra Linux - уязвимость в golang-golang-x-net, golang-1.15

In Go, before versions 1.15.12 and 1.16.x, and before version 1.16.4, net/http allowed remote attackers to cause a denial of service panic through a large header sent to ReadRequest or ReadResponse. This issue can affect the Server, Transport, and Client components in certain configurations...

Astra Linux - уязвимость в tar

GNU Tar version 1.34 has a one-byte out-of-bounds read operation, which allows for the use of uninitialized memory during a conditional jump. Exploitation to alter the control flow has not been demonstrated. The issue occurs in the fromheader section of the list.c file, due to a V7 archive where...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdtloader: Ensure that we do not read beyond the ELF header. When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand. However, this is not necessary for other clients. The size of the firmware...

Astra Linux - уязвимость в golang-1.15

In versions of Go prior to 1.15.13 and 1.16.x prior to 1.16.5, a crafted file count present in the archive’s header can lead to a panic in NewReader or OpenReader...

Astra Linux - уязвимость в tomcat9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26, or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat would not reject requests containing an invalid Content-Length header. This...

Astra Linux - уязвимость в qtbase-opensource-src

A issue was discovered in Qt before version 5.15.14, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when such connections are explicit...

Astra Linux - уязвимость в python-urllib3

urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the Cookie HTTP header specially or provides any helpers for managing cookies over HTTP; that responsibility lies with the user. However, it is possible for a user to specify a Cookie header, and information may be...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: added vlangetprotocolanddepth helper. Previously, skbmaypull was used instead of skbheaderpointer in vlangetprotocol and related functions. Few calls relied on skb-head being populated with the MAC header. syzbot detected on...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: Incorrect arithmetic operations when fetching VLAN header bits. If the offset plus the length exceeds the range of the Ethernet + VLAN header, then the length is adjusted to copy the bytes that are within t...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194, where random system crashes have been observed 0. The problem occurs when the split header...

Astra Linux - уязвимость в jetty9

Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepted the + character that followed the content-length value in an HTTP/1 header field. This was more permissive than what is allowed by the RFC, and other servers routinely...

Astra Linux - уязвимость в thunderbird

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text is never displayed to the user. This is because the text is interpreted as a MIME message, and the first paragraph is always treated as part of an email header section. A digitally signed text...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.11 contains a segmentation violation through the function decodercontext::processSliceSegmentHeader in decctx.cc...

Astra Linux - уязвимость в nghttp2

nghttp2 is an implementation of the Hypertext Transfer Protocol Version 2 in C. The nghttp2 library prior to version 1.61.0 continued to read an unlimited number of HTTP/2 CONTINUATION frames even after a stream was reset, in order to keep the HPACK context synchronized. This caused excessive CPU...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Do not use BUGON in hfspluscreateattributesfile. When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplusfillsuper assumes that the attributes file has not yet been...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf, testrun: Fixed a use-after-free issue in ethskbpkttype. KMSAN reported a use-after-free issue in ethskbpkttype1. The cause of the issue was that ethskbpkttype accessed data from skb that did not contain an Ethernet header...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Fixed uninit-value access in ipmakeskb KMSAN reported an uninit-value access in ipmakeskb. ipmakeskb tests HDRINCL to determine whether the skb contains icmphdr. However, HDRINCL can cause a race condition. If setsockopt...