Astra Linux – Vulnerability in Linux 5.15

A issue was discovered in the Linux kernel before version 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, resulting in an out-of-bounds read in the ntfssetea function in fs/ntfs3/xattr.c...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional checks have been added in niclear. The addition of a check for NTFSFLAGSLOGREPLAYING prevents access to the uninitialized bitmap during the replay process...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel 6.0.8, there is a use-after-free in the rununpack function in fs/ntfs3/run.c, which is related to a difference between the NTFS sector size and the media sector size...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: NFS: Fixed an error in nfsdautomount When mounting from an NFSv4 reference, path-dentry may end up being a negative dentry. Therefore, the struct nfsserver structure is derived from the dentry itself instead...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:1965:6 The index -84 is out of range for the type ‘s8341’. CPU: 1 PID:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmemgetattr". The change reverts to the state before the modification made by d949d1d14fa2 “mm: shmem: fix data-race in shmemgetattr“”, as suggested by Chuck 1. This issue caused deadlocks...

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connected to cupsd but sent very slow messages—for example, only one byte per second—could delay cupsd as a whole, rendering it unusable for other clients...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernatecompressorparamset syzbot reported a deadlock in locksystemsleep see below. The write operation to "/sys/module/hibernate/parameters/compressor" conflicts with the registration of ieee802...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s coders, specifically in the webp.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The most significant threat of this vulnerability is the impact on system...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a slab-out-of-bounds read in eaget During the “sizecheck” step in eaget, the code checks whether the extended attribute list xattr size matches easize. If not, it logs “eaget: invalid extended attribute” and calls...

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved bounds checks. This issue has been fixed in tvOS 15.6, watchOS 8.7, iOS 15.6, and iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Allow ext4getgroupinfo to fail. Previously, ext4getgroupinfo would treat an invalid group number as a BUG, since this should theoretically never happen. However, if a malicious attacker modifies the superblock via the block...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: Check whether leafidx is greater than the number of leaves per dmap tree. syzbot reported an out-of-bounds error in dbSplit. This occurs when dmtleafidx is greater than the number of leaves per dmap tree. A check for...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSv4: Fixed an error in pnfsmarkrequestcommit, when performing ODIRECT operations. Fixed an error-prone condition in pnfsmarkrequestcommit, when adding a set of write operations to the commit list in order to reschedule them...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm, thp: Bail out early for writeback pages in collapsefile Currently, collapsefile does not explicitly check PGwriteback. Instead, pagehasprivate and trytoreleasepage are used to filter writeback pages. This approach does not wo...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend operations; the system may hang during resume. During the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed a crash in nfsd4readrelease. When tracing is enabled, the tracenfsdreaddone trace point crashes during the pynfs read.testNoFh test...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skips inactive planes within ModeSupportAndSystemConfiguration. Why Coverity reports a Memory - illegal access issue. How Skips inactive planes...