Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data in case of failure. Also, wipe sensitive data from the stack if the copytouser function fails...

Astra Linux - уязвимость в u-boot

In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management command NOP OUT to the device to recover the link. If this command times out and clearing the device...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powercap: armscmi: Recursion during zone parsing was removed. Powercap zones are defined as being arranged in a hierarchical tree structure. When registering a zone using powercapregisterzone, the kernel’s powercap subsystem...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Accounting for the currently allocated stack depth in widenimprecisescalars The usage pattern of widenimprecisescalars is as follows: python prevst = findpreventryenv, ...; queuedst = pushstack...; widenimprecisescalarsenv,...

Astra Linux - уязвимость в golang-1.19

Using Parse with a build tag line like "// +build" and deeply nested expressions can lead to a panic due to stack exhaustion...

Astra Linux - уязвимость в libproxy

In url.cpp within libproxy versions 0.4.x to 0.4.15, it is possible for a remote HTTP server to trigger uncontrolled recursion by sending a response that consists of an infinite stream without a newline character. This leads to a stack exhaustion issue...

Astra Linux - уязвимость в snakeyaml

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. If the parser is running on user-supplied input, an attacker may provide content that causes the parser to crash due to a stack overflow...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nvmet: The cqe.result field must always be initialized. The specification does not require that the first two double-word fields also known as “results” for a command queue entry need to be set to 0 when they are not used this is...

Astra Linux - уязвимость в libmysofa

The libmysofa before November 24, 2019, does not properly restrict recursive function calls. This issue is evident from reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: A download of version 0.9 after December 6, 2019, shoul...

Astra Linux - уязвимость в editorconfig-core

There is a stack buffer overflow issue in the ecglob function of editorconfig-core-c before version 0.12.6. This vulnerability allows an attacker to write arbitrary data to the stack, potentially leading to remote code execution. Editorconfig-core-c version 0.12.6 has addressed this vulnerability...

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...

Astra Linux - уязвимость в libxml2

A flaw was discovered in the xmlBuildQName function of libxml2. Integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue may result in memory corruption or a denial of service when processing malicious input...

Astra Linux - уязвимость в qemu

A stack overflow vulnerability was discovered in the Intel HD Audio device intel-hda of QEMU. A malicious guest could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The greatest threat posed by this vulnerability is to system availability. Thi...

Astra Linux - уязвимость в libxstream-java

XStream is a simple library for serializing objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service—only by manipulating the processed input stream when XStream is configured to use th...

Astra Linux - уязвимость в cairo

A flaw was discovered in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor for example, by convincing a user to open a file in an application that uses cairo, or if an application uses cairo on...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86/srso: Added SRSO mitigation for Hygon processors. Added mitigation for the speculative return stack overflow vulnerability, which also exists on Hygon processors...

Astra Linux - уязвимость в linux

In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipvlan: added an helper function for ipvlanroutev6outbound Inspired by reports from syzbot, which use multiple ipvlan devices in their stacks. The stack size required in ipvlanprocessv6outbound can be reduced by moving the...

Astra Linux - уязвимость в isc-dhcp

In ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16, ISC DHCP 4.4.0 - 4.4.2 Other branches of ISC DHCP e.g., releases in the 4.0.x series or earlier, and releases in the 4.3.x series are beyond their End-of-Life period and are no longer supported by ISC. It is clear that this defect is also present in releases...