Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fixed a NULL pointer dereference in pnfsmarkmatchinglsegsreturn. The commit de144ff4234f fixes the issue by changing pnfsreturnlayout to call pnfsmarkmatchinglsegsreturn, with NULL passed as the structpnfslayoutrange...

Astra Linux - уязвимость в linux, linux-5.10

A flaw involving a null pointer dereference was discovered in the Linux kernel’s UDF file system functionality. This flaw allows a malicious UDF image to trigger the udffilewriteiter function. A local user could exploit this flaw to crash the system. The flaw is present in the Linux kernel versio...

Astra Linux - уязвимость в vim

Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2...

Astra Linux - уязвимость в vim

Use of out-of-range pointer offset in the GitHub repository vim/vim before version 8.2.4440...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fixed the error handling code for allocrange. A few users have reported display corruption when booting the machine into KDE Plasma or playing games. We identified a problem where, whenever allocrange failed to find th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fixed the TLBI RANGE operand KVM/arm64 relies on the TLBI RANGE feature to flush TLBs when the dirty pages are collected by the VMM and the page table entries become write-protected during live migration. Unfortunatel...

Astra Linux - уязвимость в ruby-rack

A denial-of-service vulnerability exists in the Range header parsing component of Rack, version 1.5.0 and later. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpectedly long time, potentially leading to a denial-of-service attack. Any applications th...

Astra Linux - уязвимость в imagemagick

In the IntensityCompare function within /MagickCore/quantize.c, a double value was being converted to an int and then returned. In some cases, this resulted in a value that was outside the range of the type int. This flaw could be triggered by a malicious input file under certain conditions when...

Astra Linux - уязвимость в mutt

Null pointer dereferencing when composing from a specially crafted draft message in Mutt 1.5.2 2.2.12...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fixed the issue where memory is disabled if the DVSEC CXL range does not match a CFMWS window. The Linux CXL subsystem is based on the assumption that HPA == SPA. That is, the host physical address HPA of HDM decoder...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: arm64: Fixed a no-op check in setaccessflags, which could lead to errors when detecting SMMU/ATS faults. The function contpteptepsetaccessflags compared the gathered value from ptepget with the requested state to detect no-ops...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 “net: sched: support hash selecting tx queue” added support for SKBEDITFTXQSKBHASH. The inclusive range size is computed as follows: mappingmod =...

Astra Linux - уязвимость в u-boot

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the entire stack, while reading a crafted ext4 filesystem...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...

Astra Linux - уязвимость в subversion

Subversion’s moddavsvn is vulnerable to memory corruption. When checking path-based authorization rules, moddavsvn servers may attempt to use memory that has already been freed. Affected Subversion moddavsvn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...

Astra Linux - уязвимость в tomcat9

In some unusual configurations of multipart uploads, an Integer Overflow vulnerability in Apache Tomcat can lead to a Denial-of-Service attack by bypassing size limits. This issue affects Apache Tomcat versions as follows: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, and from...

Astra Linux – Vulnerability in golang-golang-x-text

In Go 1.15.4, a "index out of range" panic occurs in the language.ParseAcceptLanguage function during the parsing of the -u- extension. The language.ParseAcceptLanguage function is supposed to be able to parse an HTTP Accept-Language header...

Astra Linux - уязвимость в vim

Use of out-of-range pointer offset in the GitHub repository vim/vim before version 9.0.1499...