Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the delayed allocation of a cell’s anonymous key. The allocation of a cell’s anonymous key is performed in a background thread, along with other cell-related operations such as making DNS calls. In the reported bug, th...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: configfs: Fixed a possible memory leak in configfscreatedir. kmemleak: Reported memory leaks in configfscreatedir. - Unreferenced object 0xffff888009f6af00 size 192: Command “modprobe”, PID 3777, jiffies 4295537735 time 233.78...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xen: Speed up grant-table reclaim When a grant entry is still in use by the remote domain, Linux must put it on a deferred list. Normally, this list is very short, because the PV network and block protocols expect the backend to...

Astra Linux - уязвимость в linux-astra-modules-5.4, linux-astra-modules-5.10

The vulnerability of the pdplPut function in the linux-astra-modules kernel module is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ubi: Fixed a use-after-free issue when volume resizing failed. There is a use-after-free problem reported by KASAN: ========================================= BUG: KASAN: Use-after-free in ubiebacopytable+0x11f/0x1c0 Reading of si...

Astra Linux - уязвимость в linux, linux-5.10

An integer coercion error was detected in the openvswitch kernel module. When there are a sufficient number of actions, while copying and reserving memory for a new action of a new flow, the reservesfasize function does not return -EMSGSIZE as expected. This could potentially lead to an...

Astra Linux - уязвимость в python3.11, python3.7

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: igb: Cleanup in all error paths when enabling SR-IOV After commit 50f303496d92 “igb: Enabling SR-IOV after reinit”, removing the igb module could cause a hang or crash depending on the machine when the module was loaded with t...

Astra Linux - уязвимость в containerd

Containerd is a container runtime. A bug was discovered in containerd versions prior to 1.4.8 and 1.5.4, where pulling and extracting a specially crafted container image could result in changes to Unix file permissions for existing files in the host’s filesystem. Changes to file permissions could...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fixed a fout leak in hbm's runbpfprog. Fixed the issue where fout was opened using fopen, but subsequently fclose wasn’t called. In the affected branch, fout otherwise would go out of scope...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rcu/rcuscale: The kfreescalethread threads is stopped after unloading the rcuscale module. Running the ‘kfreercutest’ test case results in a fatal error. The root cause is that the kfreescalethread threads continues to run after...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/meson: Explicitly remove the aggregate driver at module unload time. Since componentmasterdel was not called when unloading the mesondrm module, the aggregate device would remain in the global aggregatedevices list...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipmisi: fixed a memory leak in trysmiinit Kmemleak reported the following information regarding the memory leak in trysmiinit: Unreferenced object 0xffff00018ecf9400 size 1024: Command "modprobe", PID 2707763, jiffies 43008514...

Astra Linux - уязвимость в pymongo

A out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows for deserialization of malformed BSON data provided by the server, which can trigger an exception that may contain arbitrary application memory...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Counter: Interrupt-cnt: Remove the IRQFNOTHREAD flag An IRQ handler can either use IRQFNOTHREAD or acquire spinlockt. As noted by CONFIGPROVERAWLOCKNESTING: ============================= BUG: Invalid wait context 6.18.0-rc1+git...

Astra Linux - уязвимость в pcs

A flaw was discovered in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts, as well as accounts with expired passwords, to log in when using PAM authentication. As a result, unprivileged expired accounts that had been denied access could still log in...

Astra Linux - уязвимость в ansible

A flaw in log handling was discovered in Ansible when using the uri module, which exposes sensitive data to content and json output. This flaw allows attackers to access logs or outputs of executed tasks, thereby enabling them to read keys used in playbooks from other users within the uri module...

Astra Linux – Vulnerability in Linux

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in orde...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of ipmisi.ko and ipmimsghandler.ko, the system crashed. The log message is as follows: 141.087026...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core – Ensure that the LLD module reference count is set after the SCSI device is released. The SCSI host release is triggered when the SCSI device is freed. We must ensure that the low-level device driver module is not...