Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: In the bpf function, the task with pid=1 can be skipped in the sendsignalcommon function. The following kernel panic can occur when a task with pid=1 attempts to send a killing signal to itself. For more details, see 1. Kernel...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue involves bcm: – a UAF Use-After-Free flaw in bcmprocshow. Bug: KASAN: A slabuse-after-free issue occurs in bcmprocshow+0x969/0xa80. A size 8 byte read was performed at address ffff888155846230 by the task cat/7862. CPU:...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: The issue related to “ALSA: firewire-lib: operate for period elapse event in process context” has been addressed. The commit 7ba5ca32fe6e “ALSA: firewire-lib: operate for period elapse event in process context” removed the proces...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: Fixed the issue of partial SETREGSET for NTARMTAGGEDADDRCTRL. Currently, the taggedaddrctrlset function does not initialize the temporary “ctrl” variable. A SETREGSET call with a length of zero will leave this...

Astra Linux - уязвимость в ntp

In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when a \0' character is added. An adversary may be able to attack a client ntpq process, but they cannot attack the ntpd process...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ubifs: A memory leak was fixed in allocwbufs. kmemleak reported a series of memory leaks. The details are as follows: - Unreferenced object 0xffff8881575f8400 size 1024: Command: “mount”, PID: 19625, Jiffies: 4297119604 Age:...

Astra Linux - уязвимость в webkit2gtk

A buffer overflow was addressed through improved bounds checking. This issue has been fixed in Safari 26.1, iOS 18.7.2, and iPadOS 18.7.2; iOS 26.1 and iPadOS 26.1; macOS Tahoe 26.1; tvOS 26.1; visionOS 26.1; and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected...

Astra Linux - уязвимость в webkit2gtk

A correctness issue was addressed through improved checks. This issue has been fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Processing maliciously crafted web content may result in an unexpected process crash...

Astra Linux - уязвимость в libde265

It was discovered that Libde265 v1.0.11 contains a segmentation violation through the function decodercontext::processSliceSegmentHeader in decctx.cc...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The issue arises from the following sequence of operations: kfdprocessnotifierrelease flushes svmrangerestorework, which in turn cal...

Astra Linux - уязвимость в webkit2gtk

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, and visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: Fixed the issue where hugepmdunshare caused a race condition with GUP-fast. The hugepmdunshare function releases a reference to a page table that might have previously been shared across processes. This could...

Astra Linux - уязвимость в webkit2gtk

A memory corruption issue has been resolved through improved input validation. This issue is fixed in Safari 18.1, iOS 18.1, iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, and watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в chromium

A heap buffer overflow in History in Google Chrome prior to version 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Added a call to putpid. A call to putpid is added corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID, so we need to free it here to avoid leaks. [email protected]: Reworded the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: afs: Fixed the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes. However, a problem arises when someone attempts to create a directory under /proc/net/afs/ with the name of a cell. Thi...

Astra Linux - уязвимость в webkit2gtk

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, and watchOS 10.6. Processing maliciously crafted web content may lead to an...

Astra Linux - уязвимость в webkit2gtk

A flaw was discovered in WebKitGTK. Processing malicious web content may cause an unexpected process crash due to improper memory handling...

Astra Linux - уязвимость в webkit2gtk

This issue has been resolved through improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2, iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash...

Astra Linux - уязвимость в webkit2gtk

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2, and iPadOS 18.7.2; iOS 26.1 and iPadOS 26.1; macOS Tahoe 26.1; tvOS 26.1; visionOS 26.1; and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...