40554 matches found
Astra Linux - vulnerability in apache2
In some mod_ssl configurations on the Apache HTTP Server 2.4.35 through 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when mod_ssl is configured for multiple virtual hosts, with each virtual host being...
Astra Linux - vulnerability in containerd-app
Containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation, where a user may exhaust memory on the host due to goroutine leaks. This issue has...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fixed double-free on error. For example, if the ata_port_alloc call in ata_host_alloc fails, we will jump to the err_out label, which will call devres_release_group. devres_release_group will trigger a call to...
Astra Linux - vulnerability in qemu
A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsas_free_request function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...
Astra Linux - vulnerability in linux
A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the “intct...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fixed a race condition in the DMA ring dequeue process. The HCI DMA dequeue path hci_dma_dequeue_xfer may be invoked for multiple transfers that time out at approximately the same time. However, this function is no...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed a reference leak in pci_register_host_bridge. If device_register fails, call put_device to release the reference, thereby avoiding a memory leak, as indicated in the comment near device_register. Identified during code revie...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register. The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind, which uses dev_get_drvdata to retrieve the mtk_dsi structure. Therefore, this structure must...
Astra Linux - vulnerability in qemu
A NULL pointer dereference flaw was discovered in the floppy disk emulator of QEMU. This issue occurs when processing read/write ioport commands, especially if the selected floppy drive is not initialized using a block device. This flaw allows a privileged guest user to crash the QEMU process on...
Astra Linux - vulnerability in linux, linux-5.15
A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...
Astra Linux - vulnerability in pypy
Python versions 2.7.x through 2.7.16, and 3.x through 3.7.2 are affected by improper handling of Unicode encoding with an incorrect netloc during NFKC normalization. The impact is information disclosure—credentials, cookies, etc., that are cached against a given hostname. The affected components...
Astra Linux - vulnerability in qemu
A heap buffer overflow was discovered in the floppy disk emulator of QEMU up to version 6.0.0 inclusive. This issue could occur in the fdctrl_transfer_handler function in the hw/block/fdc.c file, during the processing of DMA read data transfers from the floppy drive to the guest system. A privilege...
Astra Linux - vulnerability in qemu
In QEMU 5.0.0, the hw/usb/hcd-ohci.c file contains an infinite loop when a TD list has a loop...
Astra Linux - vulnerability in samba
Samba does not validate the Validated-DNS-Host-Name property for the dNSHostName attribute, which may allow unprivileged users to modify it...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths. While the MIDI jacks are correctly configured, and the MIDIStreaming endpoint descriptors contain the correct information, the values of bNumEmbMIDIJack and bLength are se...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fixed the issue where the host would hang during device reboot. When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is...
Astra Linux - vulnerability in linux
The file arch/powerpc/kvm/book3s_rtas.c in the Linux kernel, as of version 5.13.5 on the PowerPC platform, allows KVM guest OS users to cause memory corruption in the host OS through rtas_args.nargs, also known as CID-f62f3c20647e...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: s390/dcssblk: fixed the kernel crash caused by corruption in list_add. The commit fb08a1908cb1 “dax: simplified the dax_device gendisk association” introduced new logic for gendisk association, requiring drivers to explicitly ca...
Astra Linux - vulnerability in wget
In GNU Wget version 1.24.5, url.c handles semicolons in the userinfo subcomponent of a URI incorrectly. As a result, there may be insecure behaviors where data that should be within the userinfo subcomponent is misinterpreted as being part of the host subcomponent...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix error handling of scsi_host_alloc. After a device is initialized using device_initialize, or its name is set using dev_set_name, the device must be freed using put_device. Otherwise, the device name will be leaked becaus...