Astra Linux – Vulnerability in WebKit2GTK

A out-of-bounds write issue has been addressed through improved input validation. This issue is fixed in iOS 15.6, iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nvmem: core: Fixed a memory leak in nvmemregister. In nvmemsetname, memory will be allocated for nvmem-dev.kobj.name during nvmemregister. When nvmemvalidatekeepouts fails, nvmem’s memory will be freed, but no one will free the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: validation of user data in compact ioctl commands. Incorrect user data may cause warnings in i2ctransfer. For example, it may result in no messages being sent at all. Userspace should not be able to trigger such warnings...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Check ownership before using vma. When installing missing pages or zapping them, Rust Binder will look up the vma in the memory management unit by address, and then call vminsertpage or zappagerangesingle. However, if...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing to create contexts in smb2ParseContexts. This fix addresses the following OOPs when accessing invalid create contexts fr...

Astra Linux – Vulnerability in exiv2

Exiv2 0.27.2 allows attackers to cause a crash in the Exiv2::getULong function in types.cpp, when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp. This occurs because there is no validation of the relationship between the total size and the offset and size...

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual aids to indicate that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed attackers t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Added verification for the maxfrequency value provided by the firmware. If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: added validation for the VIRTIONETCTRLMQVQPAIRSSET command When the control vq receives a VIRTIONETCTRLMQVQPAIRSSET command request from the driver, there is currently no validation of the number of queue pairs to be...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: It is necessary to check that sock is valid before assigning it to iscsisetparam. The validity of sock should be checked before assigning it to prevent incorrect values. The change introduced in commit 57569c37f0a...

Astra Linux – Vulnerability in python-tornado

In Tornado before version 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments of .RequestHandler.setcookie were not checked for crafted characters...

Astra Linux – Vulnerability in WebKit2GTK

A memory corruption issue has been resolved through improved validation. This issue is fixed in iOS 15.6, iPadOS 15.6, macOS Monterey 12.5, and Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: schcake: A out-of-bounds access issue was fixed during the parsing of TCP options and headers. The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length of the data...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Buffer validation was corrected by including the size of the null-terminating character in the EA length. The smb2setea function, which handles Extended Attributes EA, conducted buffer validation checks that incorrectly...

Astra Linux – Vulnerability in Heimdal

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial-of-service vulnerability in Heimdal’s PKI certificate validation library. This vulnerability affects the KDC via PKINIT and kinit via PKINIT, as well as any third-party applications...

Astra Linux – Vulnerability in net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could exploit an improper input validation vulnerability when setting malformed OIDs in both the master agent and subagent simultaneously. Version 5.9.2...

Astra Linux – Vulnerability in rabbitMQ-server

Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.3.3. There is an out-of-bounds read in the crc16 function in lib/crc16.c when called from fs/ext4/super.c, because ext4groupdesccsum does not properly check an offset. NOTE: This issue is disputed by third parties, as the kernel is not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: hid-thrustmaster: fixed OOB read in thrustmasterinterrupts Syzbot reported a slab-out-of-bounds Read in thrustmasterprobe. The root cause is the lack of validation checks for the actual number of endpoints. Code should no...