Astra Linux – Vulnerability in syslog-ng
syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tls_wildcard_match() function matched against certificates like foo.*.bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.a*c.bar, which glib matches, but this should be avoided/disabled...
Astra Linux – Vulnerability in curl
When performing TLS-related transfers using reused easy or multi-handles, and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl may accidentally reuse a CA store cached in memory, where the partial chain option is reversed. This goes against the user’s wishes and expectations. As a result,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Regulator: da9063 – A better fix for null dereferencing with partial DT. Two versions of the original patch were sent, but Version 1 was merged instead of Version 2 due to a mistake. Therefore, update to Version 2. The advantage ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gt: Handling cleanup of partially initialized engines. If we abort the driver initialization during the process of engine discovery, some engines will be fully initialized while others will not. Those incompletely...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: A leak was fixed in map_user_pages(). If get_user_pages_fast() allocates some pages, but not as many as we wanted, then the current code causes those pages to be leaked. Call put_page() on the pages before returning...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Utility. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfsd: Do not replace a page in the rq_pages array if it is a continuation of the last page. The splice function calls nfsd_splice_actor() to place the pages containing file data into the svc_rqst->rq_pages array. However, it is possible...
Astra Linux – Vulnerability in Apache2
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm: Avoid leaving partial pfn mappings in error cases. As Jann points out, PFN mappings are special. Unlike normal memory mappings, there is no lifetime information associated with the mapping—it’s just a raw mapping of PFNs,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: dax: fix an issue where overflowing extents beyond the inode size occurs during partial writing. The dax_iomap_rw() function does two things in each iteration: it maps the written blocks and copies user data to those blocks. If...
Astra Linux – Vulnerability in Tomcat9
Path Equivalence: The use of ‘file.Name’ (an internal dot) can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, and 22.0.0.2. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: 9p: Fixed the fid refcount leak in v9fs_vfs_atomic_open_dotl(). We need to release the directory fid if we fail at any point during the open operation. This fix addresses the issue of fid leaking during xfstests with the generic test 5...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fixed handling of partial GPU mapping of BOs. This commit fixes the bug in handling partial mapping of buffer objects to the GPU, which caused kernel warnings. Panthor did not handle correctly the case where the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tunnels: Fixed an out-of-bounds access issue when building IPv6 PMTU errors. If the ICMPv6 error is generated using a non-linear skb, the following issues occur: BUG: KASAN: Out-of-bounds access in do_csum+0x220/0x240 Reading o...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed unsafe code that drained send or recv work queues before they were actually created. If the create_qp function does not succeed completely, it is possible for the qp cleanup code to attempt to drain the send or rec...
Astra Linux – Vulnerability in openjdk-11
A vulnerability exists in the Oracle Java SE and Oracle GraalVM Enterprise Edition products from Oracle Java SE component: Lightweight HTTP Server. The versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net: tls: Fixed a use-after-free issue related to partial reads and async decryption. tls_decrypt_sg() does not take a reference to the pages from clear_skb. Therefore, the put_page() function in tls_decrypt_done() releases these pages,...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. The supported versions affected include Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4, and 22.3.0. This easily exploitable vulnerability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: The WARN_ON message in tracing_buffers_mmap_close() has been fixed for split VMA cases. When a VMA is split (e.g., through partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion of the VMA. For trace buffer...