Astra Linux – Vulnerability in rabbitMQ-server

Versions of RabbitMQ prior to 3.8.16 are vulnerable to a denial-of-service vulnerability due to improper input validation in the AMQP 1.0 client connection endpoint. A malicious user can exploit this vulnerability by sending malicious AMQP messages to the target RabbitMQ instance where the AMQP 1...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.3.3. There is an out-of-bounds read in the crc16 function in lib/crc16.c when called from fs/ext4/super.c, because ext4groupdesccsum does not properly check an offset. NOTE: This issue is disputed by third parties, as the kernel is not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: HID: hid-thrustmaster: fixed OOB read in thrustmasterinterrupts Syzbot reported a slab-out-of-bounds Read in thrustmasterprobe. The root cause is the lack of validation checks for the actual number of endpoints. Code should no...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: RFCOMM: No fix to ensure that user input is validated before setting the setsockopt function. The syzbot reported that the rfcommsocksetsockoptold function copies data without checking the length of the user input...

Astra Linux – Vulnerability in Netty

The Netty project is an event-driven, asynchronous network application framework. Starting from version 4.1.83.Final and before 4.1.86.Final, when calling DefaultHttpHeaders.set with an iterator of values, header value validation was not performed. This allowed malicious header values in the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args. This will assist in validating the userq input arguments and rejecting invalid userq requests during IOCTLs...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: openvswitch: removed the never-working support for setting nsh fields. The validation of the setnsh... action is completely incorrect. It involves the nshkeyputfromnlattr function, which is the same function used to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fixed integer overflow in sample size validation The wavefrontsendsample function has a problem with integer overflow when validating sample size. The header-size field is of type u32, but it is cast to int for...

Astra Linux – Vulnerability in Pypy

In the http.cookiejar.py module of Python, prior to version 3.7.3, the domain validation mechanism was not properly implemented. This vulnerability could allow existing cookies to be sent to the wrong server. Attackers could exploit this flaw by using a server whose hostname contains another vali...

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. Visiting a malicious website may result in address bar spoofing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate the content of the release report before using it for RTL8922DE. The commit 957eda596c76 "wifi: rtw89: pci: validate the sequence number of the TX release report" performs validation on existing chips...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fixed the incorrect setting of maxcorrreaderrors. There is no input validation when using the echo md/maxreaderrors command, and an overflow might occur. Add validation for the input number...

Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices The getmeterlevelsfromurb function parses the 64-byte meter packets sent by the device and fills the per-channel arrays meterlevel, complevel, and masterlevel in the struct...

Astra Linux – Vulnerability in oddjob

A race condition was identified in the mkhomedir tool included with the oddjob package in versions prior to 0.34.5 and 0.34.6. During the home creation process, mkhomedir copies the /etc/skel directory into the newly created home directory and changes its ownership to the home’s user, without...

Astra Linux – Vulnerability in Python 2.7, Pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...

Astra Linux – Vulnerability in Python-Django

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload was never supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However, Django’...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Validates the index root when initializing NTFS security. This improves the sanity check for $SDH and $SII during the initialization of NTFS security, ensuring that these index roots are legitimate. 162.459513 BUG:...

Astra Linux – Vulnerability in Python-Django

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are vulnerable to a ReDoS regular expression denial of service attack due to a very large number of domain name labels for emails and URLs...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – added validation of the VLAN ID before using it. Currently, the VLAN ID can be used without validation when receiving a VLAN configuration mailbox from VF. The length of vlansdelfailbmap is BITSTOLONGSVLANNVID. This m...