Astra Linux - уязвимость в linux-5.10

A flaw was discovered in the IPv6 module of the Linux kernel. The arg.result parameter was not used consistently in fib6rulelookup; sometimes rt6info was used, and other times fib6info. This issue was not accounted for in other parts of the code, where rt6info was expected to be used...

Astra Linux - уязвимость в ansible

A flaw was discovered in the Ansible Engine when using the moduleargs feature. Tasks executed with the --check-mode option do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The greatest threat posed by this vulnerability is...

Astra Linux - уязвимость в ansible

A flaw was discovered in the solariszone module from the Ansible Community modules. When setting the name of a zone on the Solaris host, the zone name is checked by listing the process using the ‘ps’ command on the remote machine. An attacker could exploit this flaw by creating a fake zone name a...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: pcie: fix possible NULL pointer dereference It is possible that iwlpciprobe will fail and free the trans structure. After that, iwlpciRemove will be called, but it will crash when trying to access a trans structure...

Astra Linux - уязвимость в apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: igb: A potential invalid memory access issue has been fixed in igbinitmodule. The pciregisterdriver function may fail. When this occurs, the dcanotifier needs to be unregistered. Otherwise, the dcanotifier can be called when igb...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: gpio: aggregator: Protect driver attr handlers against module unload Both newdevicestore and deletedevicestore interact with module global resources e.g., gpioaggregatorlock. To prevent race conditions during module unloading,...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The rcubarrier function was called in ksmbdserverexit. The bug is triggered due to racing between closing a connection and the rmmod operation. In ksmbd, rcubarrier is not called at the time of module unloading, so nothing...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: USB: Roles – Fixed NULL pointer issue when referencing the module’s reference. In the current design, the USB role class driver will obtain a reference to the module of the usbroleswitch object after the user selects the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Fixed error handling in iavfinitmodule. iavfinitmodule no longer destroys the workqueue when pciregisterdriver fails. Call destroyworkqueue when pciregisterdriver fails to prevent resource leaks. This is similar to the...

Astra Linux - уязвимость в linux, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: PCI: cx23885: Check the cx23885vdevinit return value. cx23885vdevinit may return a NULL pointer, but that pointer is used in the next line without any checks. Add a check for NULL values, and proceed with error handling if...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Input: i8042 – fixed the issue of platform device leakage during module removal. Avoid resetting the i8042platformdevice pointer across modules in i8042probe or i8042remove, so that the device can be properly destroyed by i8042ex...

Astra Linux - уязвимость в edk2

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privileges, denial of service, and/or information disclosure through physical access...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc64/ftrace: fixed the issue of module loading without patchable function entries. getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export dat...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: fixed a double-free issue during the unloading of the amdgpu module Flexible endpoints use DIGs from available inflexible endpoints; therefore, only the encoders of inflexible links need to be freed. Otherwise...

Astra Linux - уязвимость в python3.11, python2.7, python3.7, pypy

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ftrace: A regression was fixed related to the module command in stacktracefilter. When executing the following command: echo "write:mod:ext3" /sys/kernel/tracing/stacktracefilter The current mod command causes a null pointer...

Astra Linux - уязвимость в dcmtk

In DCMTK, versions prior to 3.6.9 have a segmentation fault due to an invalid DIMSE message...