Astra Linux – Vulnerability in imagemagick

A vulnerability was discovered in ImageMagick, causing a value of type ‘unsigned char’ to fall outside the representable value range when crafted or untrusted input is processed in the coders/psd.c file. This results in a negative impact on the availability of the application or other problems...

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range multiple times in a single HTTP request, causing the server to use large amounts of memory. This does not resul...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fixed the issue of out-of-range access to the vnicinfo array. The bnxtqueuestart | stop access to vnicinfo results in excessive allocation of resources, which indicates bp-nrvnics. Therefore, it should not access...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: XArray: Fixed the issue with xascreaterange when a multi-index entry is present. If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext2/dax: Fix ext2setsize when len is page aligned PAGEALIGNx macro gives the next highest value which is multiple of pagesize. But if x is already page aligned then it simply returns x. So, if x passed is 0 in daxzerorange...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: The xid leak in cifscopyfilerange has been fixed. If the file is used by swap, before returning -EOPNOTSUPP, the xid should be freed. Otherwise, the xid will be leaked...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a potential NULL pointer dereference in the atomctrlgetsmcsclkrangetable function. The function atomctrlgetsmcsclkrangetable does not check the return value of smuatomgetdatatable. If smuatomgetdatatable fails t...

Astra Linux – Vulnerability in glibc

Before version 2.32, the GNU C Library also known as glibc or libc6 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contained a non-canonical bit pattern. This issue was observed when passing a value of 0x5d414141414141410000 to the sinl...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Fixed out-of-range access to bc-domains. Out-of-range access to bc-domains in imx8mblkctrlremove has been fixed...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed the qgroup reserve leaks in cowfilerange. In the buffered write path, the dirty page owns the qgroup reserve until it creates an orderedextent. Therefore, any errors that occur before the orderedextent is created...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/amdnb: The function amdgetmmconfigrange uses rdmsrsafe, which should not be used without proper safeguards. Xen does not provide the MSRFAM10HMMIOCONFbase to all guests. This results in the following warning: Unchecked MSR...

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack targeting all clients using the proxy through HTTP Range request processing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: A deadlock occurs when the svm range restore operation is performed at process exit. The code kfdprocessnotifierrelease flushes svmrangerestorework, which in turn calls svmrangelistlockandflushwork to flush...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: zoned: fix extent range end unlock in cowfilerange Running generic/751 on the for-next branch often results in a hang like below. Both issues involve locking an extent, suggesting that someone may have forgotten to unlo...

Astra Linux – Vulnerability in imagemagick

In /MagickCore/statistic.c, there are several places where a sizet cast should have been replaced with an ssizet cast. This causes out-of-range values under certain circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security classified this as Low severity becaus...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the code file coders/bmp.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned int. This likely leads to a disruption in the...

Astra Linux – Vulnerability in Zabbix

Zabbix Frontend offers a feature that enables administrators to manage the installation and ensure that only certain IP addresses can access it. This way, no user will be able to access the Zabbix Frontend during maintenance, and sensitive data will be protected from being disclosed. An attacker...

Astra Linux - уязвимость в libsoup2.4

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

Astra Linux - уязвимость в chromium

In WebAudio, operations of reading and writing data outside of the allowed range in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...