Astra Linux – Vulnerability in OpenLDAP

A flaw was discovered in OpenLDAP before version 2.4.57, which led to an assertion failure in slapd’s saslAuthzTo validation process, resulting in a denial of service...

Astra Linux – Vulnerability in Python 2.7, Pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: State corruption has been prevented in fpurestoresig. The non-compacted slowpath uses copyfromuser to copy the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entire...

Astra Linux – Vulnerability in Intel Microcode

Improper input validation in UEFI firmware for some Intel processors may allow a privileged user to potentially enable information disclosure through local access...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: calipso: Do not call calipso functions for AFINET sockets. syzkaller reported a null-ptr-deref in txoptget. 0 The offset 0x70 refers to struct ipv6txoptions within struct ipv6pinfo; therefore, struct ipv6pinfo was NULL there...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by an improper input validation vulnerability, which may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux – Vulnerability in Tomcat9

There is a vulnerability related to improper input validation in Apache Tomcat. Tomcat did not restrict HTTP/0.9 requests to only the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

Astra Linux – Vulnerability in Linux 5.10

A vulnerability was discovered in the net/tipc/crypto.c file within the Linux kernel before version 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit a lack of sufficient validation of the user-supplied sizes for the MSGCRYPTO message type...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7drmdecon: added a check for virtual blinking vblank during IRQ handling. If there is support for another console device such as a TTY serial, the kernel occasionally panics during boot. The panic message and a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: SCO: Fixed issue where user input is not validated before calling setockopt. The syzbot reported that scosocksetsockopt copies data without checking the length of the user input. BUG: KASAN: Out-of-bounds access in...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: PowerPC: Fixed virtaddrvalid for 64-bit Book3E & 32-bit systems. MPE: On 64-bit Book3E, the vmalloc space starts at 0x8000000000000000. Due to the way pa works, pa0x8000000000000000 returns 0. Therefore,...

Astra Linux – Vulnerability in libsodium

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data, mishandles checks for whether an elliptic curve point is valid. This occurs because it sometimes allows points that are not part of the main cryptographic group...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validating the command header size against SVGACMDMAXDATASIZE This data originates from user space and is used in buffer offset calculations, which may potentially lead to an out-of-bounds access due to overflow...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Increase scanieslen for S1G. Currently, the S1G capability element is not taken into consideration when calculating scanieslen, which leads to a buffer length validation failure in the ieee80211prephwscan functio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: fixed the potential out-of-bound write issue. The buffer is set to 20 characters. If a caller writes more characters, the count is truncated to the maximum available space in simplewritetobuffer. To prevent access by OoB...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: nullblk: Fixed the validation of the block size. The block size should be between 512 and PAGESIZE, and it should be a power of 2. The current check does not validate this, so the check needs to be updated. Without this patch,...

Astra Linux – Vulnerability in squashfs-tools

In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...

Astra Linux – Vulnerability in Tomcat9

Improper input validation vulnerability. This issue affects Apache Tomcat: versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112. The following versions were at the end of their support lifecycles at the time the CVE was created, but are still affected: 8.5.0...