Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: atl1c: Workaround for the DMA RX overflow issue. This work is based on the alx driver commit 881d0327db37 “net: alx: Workaround for the DMA RX overflow issue”. The alx and atl1c drivers both had RX overflow errors; therefore, ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables – A memory leak was fixed in nf_tables_updchain. If nft_netdev_register_hooks fails, the memory associated with nft_stats is not freed, resulting in a memory leak. This patch addresses this issue by moving...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: Make MAX_PAGECACHE_ORDER acceptable to xarray. Patch series “mm/filemap: Limit page cache size to that supported by xarray”, version 2. Currently, xarray cannot support arbitrary page cache sizes. More details can be...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: igbvf: fixed a double-free in igbvf_probe. In igbvf_probe, if register_netdev fails, the program will proceed to label err_hw_init, and then to label err_ioremap. In free_netdev, which occurs just below label err_ioremap, there are...
Astra Linux – Vulnerability in WebKit2GTK
The issue was addressed through improved checks. This issue is fixed in Safari 18.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage. The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL...
Astra Linux – Vulnerability in Ruby-Rack
Rack provides an interface for developing web applications in Ruby. Before versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static could serve files under the specified root: even if urls: was provided. This might lead to unexpected access to other files under the same root: directory. The vulnerabilit...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/9p: A potential socket leak has been fixed in p9_socket_open. Both p9_fd_create_tcp and p9_fd_create_unix will call p9_socket_open. If the creation of p9_trans_fd fails, both p9_fd_create_tcp and p9_fd_create_unix will return an error directly...
Astra Linux – Vulnerability in Twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: mmp: pxa1908-apbcp: Fixed the issue where NULL was compared with IS_ERR. The devm_kzalloc function does not return error pointers; it returns NULL in case of an error. Update the check to match this behavior...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nft_limit: avoided a possible division error in nft_limit_init. div_u64 divides a u64 value by a u32 value. nft_limit_init attempts to divide a u64 value by another u64 value; the appropriate math function div64_u64 shou...
Astra Linux – Vulnerability in Tiff
A vulnerability has been discovered in LibTIFF. It has been classified as critical. This vulnerability affects the TIFFReadRGBATileExt function in the file libtiff/tif_getimage.c. Manipulation of this function can lead to integer overflow. The attack can be initiated remotely. The exploit has been...
Astra Linux – Vulnerability in GhostScript
A vulnerability was discovered in Artifex GhostPDL, specifically at the address 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. This vulnerability has been classified as problematic. It affects the pdf_ferror function in the devices/vector/gdevpdf.c file, within the component named “New Output File Open...
Astra Linux – Vulnerability in Axis
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could lead to potentially dangerous operations, such as LDAP queries. Passing untrusted input to this API method could expose the application to DoS,...
Astra Linux – Vulnerability in node-browserify-sign
“browserify-sign” is a package that duplicates the functionality of Node’s crypto public key functions. Much of this functionality is based on Fedor Indutny’s work on “indutny/tls.js”. There is an issue with upper-bound checking in the “dsaVerify” function, which allows an attacker to create...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: devlink: fixed the netns refcount leak in devlink_nl_cmd_reload. While preparing my patch series that includes netns refcount tracking, I discovered bugs in devlink_nl_cmd_reload. Some error paths failed to release the refcount...
Astra Linux – Vulnerability in Linux 5.10
A vulnerability has been discovered in the Linux kernel. It has been rated as problematic. The affected component is the sess_free_buffer function in the fs/cifs/sess.c file of the CIFS Handler module. This vulnerability can lead to double-free operations. It is recommended that patches be applied ...
Astra Linux – Vulnerability in Vim
A vulnerability was discovered in Vim and is classified as problematic. The issue affects the qf_update_buffer function in the quickfix.c file of the autocmd Handler component. This manipulation leads to memory corruption after the function is called. The attack can be launched remotely. Upgrading ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improved patch ioctl data validation. In the load_data function, the validation of the main information block is performed, while in load_guspatch, it skips certain checks. In load_guspatch, additional checks are added t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fpga: bridge: Added a module owner field and used its pointer to count the reference count of the module. The current implementation of the fpgabridge assumes that the low-level module registers a driver for the parent device...