Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities related to null...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities due to a null point...

CentOS 9 : krb5-1.21.1-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the krb5-1.21.1-10.el9 build changelog. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix for the condition effect bit clearing issue As reported by MPDarkGuy on Discord, NULL pointer dereferences occurred because not all conditional effect bits were cleared. Properly clear all conditional effect bits...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle the failure of netdevallocskbip-align. If the allocation fails, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch attempts t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Signal: Allocate SSVE storage when restoring ZA The code used to restore a ZA context does not attempt to allocate the task’s svestate before setting TIFSME. As a result, restoring a ZA context may place the task in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In libceph, the error from monhandleauthdone should be returned. Currently, any error from cephauthhandlereplydone is propagated via finishauth, but it is not returned from monhandleauthdone. This results in higher layers...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Platform/x86: hp-bioscfg: Fixed kernel panic in the GETINSTANCEID macro. The GETINSTANCEID macro caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used name without checking whether...

Astra Linux – Vulnerability in Linux

A NULL pointer dereference flaw was discovered in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1. This flaw allows a local user to crash the system. The flaw occurs when the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC...

Astra Linux – Vulnerability in Harfbuzz

HarfBuzz is a text shaping engine. Prior to version 12.3.0, there was a null pointer dereference vulnerability in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check whether hbmalloc returns NULL before using placement new to construct an...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phygetinternaldelay function is called, provided that the driver calls phygetinternaldelay without defining delayvalues, and rx-internal-delay-ps or tx-internal-delay-ps is...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fixed the potential null pointer dereferencing issue. It is possible that the topology parsing function audioreachwidgetloadmodulecommon might return NULL or an error pointer. A NULL check should be added ...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a race condition between quota rescan and disabling quotas, which could lead to a NULL pointer derefrence. If one task attempts to start the quota rescan worker while another task attempts to disable quotas, we can e...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Added a NULL check in imxcardprobe The devmkasprintf function returns NULL when memory allocation fails. Currently, imxcardprobe does not check for this case, which results in a NULL pointer being dereferenced. A...

Astra Linux – Vulnerability in binutils

A issue was discovered in elflinkinputbfd within elflink.c, part of the Binary File Descriptor BFD library also known as libbfd, as included in GNU Binutils 2.31. There is a NULL pointer dereferencing issue in elflinkinputbfd when it is used to find STTTLS symbols without a TLS section present. A...

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in the saneiepsonnetread function in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, known as GHSL-2020-075...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Do not write to msggetinq in the callee. A fix for NULL pointer dereferencing issues. msggetinq is an input field from the caller to the callee. Do not set it in the callee, as the caller may not clear it during struct reuse...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: kprobe: Fixed a potential nullptrdereference issue in traceeventfile in kprobeeventgentestexit. When tracegeteventfile fails, genkretprobetest will be assigned as the error code. If the kprobeeventgentest module is remov...

Astra Linux – Vulnerability in binutils

A NULL pointer dereference also known as SEGV at an unknown address 0x000000000000 was discovered in the workstuffcopytofrom function in cplus-dem.c within GNU libiberty, as part of the GNU Binutils 2.30 distribution. This issue can occur during the execution of objdump...

Astra Linux – Vulnerability in libjpeg-turbo

A crafted input file could cause a null pointer dereference in jcopysamplerows when processed by libjpeg-turbo...