Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igc: Fix the PTM cycle trigger logic Writing to clear the “valid” bit of the PTM status while the PTM cycle is triggered results in unreliable PTM operations. To address this issue, clear the PTM “trigger” and status after each P...

Astra Linux – Vulnerability in connman

A stack-based buffer overflow in dnsproxy in ConnMan prior to version 1.39 could be exploited by network-adjacent attackers to execute malicious code...

Astra Linux – Vulnerability in sane-backends

A heap buffer overflow in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, known as GHSL-2020-084...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: 2D. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed a deadlock that occurred during netdev reset with active connections. This issue was addressed by preventing the deadlock that occurs when the netdev function is executed during a device reset while RDMA...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfsd: Fixed the reference count leak in nfsdsetfhdentry. nfsd exports a “pseudo root filesystem” which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses th...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way dsatreechangetagproto works is as follows: When dsatreenotify fails, it does not know whether the operation failed midway through a multi-switch tree, or it...

Astra Linux – Vulnerability in openjdk-11

A vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products developed by Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...

Astra Linux – Vulnerability in cups-filters

“cups-filters” contains backends, filters, and other software required to make the cups printing service work on operating systems other than macOS. If you use the Backend Error Handler beh to create an accessible network printer, this security vulnerability can lead to remote code execution. The...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mac802154: fixed the missing INITLISTHEAD in ieee802154ifadd. The kernel fault injection test reports a NULL pointer dereference as follows: BUG: NULL pointer dereferencing in the kernel; address: 0000000000000008 RIP:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Avoid invalid reads in irdmanetevent. The irdmanetevent function should not dereference anything from “neigh” alias “ptr” until it has checked that the event is of type NETEVENTNEIGHUPDATE. Other events are pointed to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev – The spin lock in struct mcanclassdev is not being initialized. This causes issues with spinlocks, as seen in complaints from the kernel, such as when trying to send CAN frames using cansend from...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbmod: Skip non-Ethernet packets Currently, tcfskbmodact assumes that packets use Ethernet as their L2 protocol, which is not always the case. For example, for CAN devices: bash $ ip link add dev vcan0 type vcan $ ...

Astra Linux – Vulnerability in Network-Manager

It was found that nmcli, a command-line interface for NetworkManager, does not honor the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, authentication does not occur, and the connection is made insecurely...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixed the reference count leak issue of netdevice. There is a reference count leak issue with the object “netdevice” in ax25devdevicedown. When the ax25 device is being shut down, ax25devdevicedown reduces the reference cou...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Issues with the LTP test failing when timestamps are delegated have been fixed. The utimes01 and utime06 tests fail when delegated timestamps are enabled, especially in subtests that modify the atime and mtime fields using t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Handling of integer overflows in kmallocreserve The committed change was as follows: c ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This caused various crashes, as reported ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: Use a static NDP16 location within the URB. The original code allowed the start of NDP16 to be anywhere within the URB, based on the wNdpIndex value in NTH16. Only the start position of NDP16 was checked, which ma...

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, known as GHSL-2020-082...

Astra Linux – Vulnerability in qtbase-opensource-src

A issue was discovered in Qt before version 5.15.14, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security HSTS header, allowing unencrypted connections to be established, even when such connections are explicit...