PT-2026-36908

Name of the Vulnerable Software and Affected Versions Postfix versions prior to 3.8.16 Postfix versions 3.9 prior to 3.9.10 Postfix versions 3.10 prior to 3.10.9 Description A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...

Astra Linux – Vulnerability in Qemu

QEMU 4.2.0 has a use-after-free issue in hw/net/e1000ecore.c, as a user of the guest OS can trigger an e1000e packet with the data’s address set to the e1000e’s MMIO address...

Astra Linux – Vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow vulnerability...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a malicious RDP server could trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. The audinprocessformats function reuses the callback-formatscount...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: Fixed the SDMA v4 SW fini error. Fixed the SDMA v4 SW fini error for SDMA 4.2.2 to resolve the following general protection fault. +0.108196 General protection fault; likely due to a non-canonical address...

Astra Linux – Vulnerability in Qemu

A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...

Astra Linux – Vulnerability in Linux-Firmware

Improper access control in some IntelR PROSet/Wireless WiFi and KillerTM WiFi software may allow a privileged user to potentially enable the escalation of privileges through local access...

Astra Linux - уязвимость в intel-microcode

Incorrect calculations in the microcode keying mechanism of certain IntelR XeonR D processors with IntelR SGX may allow a privileged user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability in net-snmp

The handleipv6IpForwarding function in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP version 5.4.3 to 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

Astra Linux – Vulnerability in Apache2

Splitting HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fixed a deadlock in the SGX NUMA node search process. When the current node does not have an EPC section configured by the firmware, and all other EPC sections are used up, the CPU can get stuck inside the while loop tha...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: fixed the null pointer issue when the SMU is disabled. It is necessary to check whether the ppfuncs is initialized before releasing the context; otherwise, a null pointer panic will occur when the software SMU is n...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK versions 2020.1 and earlier are affected by a use-after-free vulnerability that could lead to arbitrary code execution in the context of the current user. Exploiting this issue requires user interaction—that is, the victim must open a malicious file...

Astra Linux – Vulnerability in Intel Microcode

An improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 processors, when using IntelR SGX or IntelR TDX, may allow a privileged user to potentially enable privilege escalation through local access...

Astra Linux – Vulnerability in tar

In GNU tar before version 1.35, mishandling of extension attributes in a PAX archive can cause the application to crash in xheader.c...

Astra Linux – Vulnerability in WebKit2GTK

A “use-after-free” issue has been addressed through improved memory management. This issue is fixed in Safari 18.4, iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, and watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari cras...

Astra Linux - уязвимость в intel-microcode

Protection mechanism failure in some 3rd and 4th Generation IntelR XeonR Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1

A heap-out-of-bounds write vulnerability in the Linux kernel’s Performance Events system component can be exploited to achieve local privilege escalation. The readsize of a perfevent can overflow, resulting in an out-of-bounds increment or write operation in perfreadgroup. We recommend upgrading ...

Astra Linux – Vulnerability in c-ares

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service attacks. When a target resolver sends a query, the attacker creates a malformed UDP packet with a length of 0 and sends it back to the target resolver. The target resolver misinterprets this 0-length field as an...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is processed with debounce, and this results in debouncing in software, and the line is subsequently reconfigured to enable edge detection, then the allocation of the kfifo to...