34548 matches found
Astra Linux – Vulnerability in Squid
Squid encounters issues with the improper handling of ASN.1 encoding for long SNMP OIDs in version 7.1. This issue occurs in the asnbuildobjid function within lib/snmplib/asn1.c...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid accessing metadata when the pointer is invalid in objecterr. objecterr reports details about an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is invalid, attempti...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fixed a situation where a NULL pointer was dereferenced. The LRU mechanism may look up a resource during the process of removing it from an object. The locking rules for this operation are somewhat unclear, but it...
Astra Linux – Vulnerability in libjettison-java
A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cachefiles: corrected the incorrect dentry reference count in cachefilescull. The patch mentioned below changed cachefilesburyobject to expect two references to the ‘rep’ dentry. Three of the caller functions were changed to use...
Astra Linux – Vulnerability in Zabbix
The implementation of atob in "Zabbix JS" allows for creating a string with arbitrary content and using it to access internal properties of objects...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: Avoid a use-after-free when BO init fails nouveauboinit is backed by ttmboinit and passes its return value back to the caller. In case of failures, ttmboinit invokes the provided destructor, which should...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: Do not break the lifecycle of vmdev. vmdev has a separate lifecycle because it has a struct device embedded within it. Therefore, having a release callback for it is correct. However, allocating the vmdev structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix bootup splat with separategpudrm modparam The drmgemforeachgpuvmbo call from lookupvma accesses drmgemobj.gpuva.list, which is not initialized when the drm driver does not support DRIVERGEMGPUVA feature. Enable it fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed a UAF in the panthorgemcreatewithhandle function’s debugfs code. The object may potentially have already been deleted after the drmgemobjectput call. In general, the object should be fully constructed before...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: MIPS: Do not crash in stacktop for tasks without an ABI or vDSO Not all tasks have an ABI associated with them, or a vDSO mapped to them. For example, kthreads never have such an ABI. If such a task calls stacktop, it will...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: binder: a check for offset alignment was added in bindergetobject. Commit 6d98eb95b450 “binder: avoid potential data leakage when copying txn” introduced changes to the way binder objects are copied. As a result, the offset...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refusal to enable an unbound pipe The ioctl function implicitly assumed that the socket was already bound to a valid local socket name, i.e., a Phonet object. If the socket was not bound, two problems would occur: 1 W...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: The erroneous “put” operation has been removed from the error path. The drmgemshmemmmap function does not have a reference in the error code path, resulting in the dma-buf shmem GEM object being freed...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. In XStream before version 1.4.16, there was a vulnerability where the processed stream contained type information at the time of unmarshaling, allowing new instances to be created based on those type information. Attackers...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftobjtypeget. The function nftunregisterobj can occur concurrently with nftobjtypeget. There is no protection when iterating over the nftablesobjects list in nftobjtypeget...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: sched/taskstack: fixed the objectisonstack function for KASAN-tagged pointers When CONFIGKASANSWTAGS and CONFIGKASANSTACK are enabled, the objectisonstack function may produce incorrect results due to the presence of tags in the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the mm, slab context, slab-objexts should always be cleaned up after allocation. When memory allocation profiling is disabled at runtime or due to an error, the shutdownmemprofiling function is called. In this case, slab-objex...
Astra Linux – Vulnerability in Thunderbird
If a Thunderbird user quoted an HTML email, for example by replying to that email, and the email contained a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL would be made, regardless of any configuration that blocks remote...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential overflow of the shmem scatterlist length When a scatterlists table of a GEM shmem object with a size of 4 GB or more is populated with pages allocated from the folio format, the .length attribute of...