Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fixed the fout leak in hbm’s runbpfprog. Fixed the issue where fout was opened using fopen, but fclose wasn’t performed afterward. In the affected branch, fout otherwise would go out of scope...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fixed negative period/buffer sizes The calculation of the period size in the OSS layer may generate a negative value as an error. However, the code there assumes only positive values and handles them using sizet. ...

Astra Linux - уязвимость в pillow

In imagingcms.c within Pillow, before version 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for transfd Shamelessly copying the explanation from Tetsuo Handa's suggested patch1 slightly reworded: syzbot is reporting inconsistent lock state in p9reqput2, for p9tagremove from p9reqput from...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5eprivinit cleanup flow When mlx5eprivinit fails, the cleanup flow calls mlx5eselqcleanup which calls mlx5eselqapply which assures that the priv-statelock is held using lockdepisheld. Acquire the statelock in...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...

Astra Linux - уязвимость в ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix improper sg use with CONFIGVMAPSTACK=y With vmalloc stack addresses enabled CONFIGVMAPSTACK=y DCP trusted keys can crash during en- and decryption of the blob encryption key via the DCP crypto driver. This...

Astra Linux - уязвимость в git

Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when...

Astra Linux - уязвимость в mbedtls

Before version 2.16.5 of Arm Mbed TLS, attackers could obtain sensitive information an RSA private key by monitoring cache usage during an import process...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: dev/parport: Fixed the array out-of-bounds issue caused by sprintf. The issue was addressed by replacing sprintf with snprintf, resulting in safer data copying and ensuring that the destination buffer is not overflowed. Below ...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to be sent via devdbg in the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properly...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dmlcoremodeprogramming WHY &modelib-mp.Watermark and &locals-Watermark are the same address. memcpy may lead to unexpected behavior. HOW memmove should be used...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, the handshakereqdestroytest1 test started failing: The expected value of handshakereqdestroytest should be req, but the actual value is 0000000000000000. The correct value...

Astra Linux - уязвимость в python3.11, python2.7, python3.7

There is a low-severity vulnerability affecting CPython, specifically the ‘http.cookies’ standard library module. When parsing cookies where quoted characters are represented using backslashes, the parser uses an algorithm with quadratic complexity, resulting in excessive CPU resources being...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for biointegrityprep blkintegrityunregister can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling...

Astra Linux - уязвимость в netty

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes eprobes, I tried to see what would happen if I attempted to retrieve the instruction pointer %rip knowing that event probes do not...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: fix usage of slab after free +0.000021 BUG: KASAN: slab-use-after-free in drmschedentityflush+0x6cb/0x7a0 gpusched +0.000027 Reading of size 8 at address ffff8881b8605f88 by task amdpciunplug/2147 +0.000023 CPU: 6...