Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fillframeinfo syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fillframeinfo is relying on skb-maclen already, extend the check to cover this case...

PT-2025-49094

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's be2net component where the be insert vlan in pkt function is called with a NULL wrb params argument at the be send pkt to bmc call site. This can lead...

AZL-54818 CVE-2024-56648 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fillframeinfo syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fillframeinfo is relying on skb-maclen already, extend the check to cover this case...

FreeBSD : zeek -- potential DoS vulnerabilities (8eefa87f-31f1-496d-bf8e-2b465b6e4e8a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a advisory. - Tim Wojtulewicz of Corelight reports: File extraction limits were not correctly enforced for files...

Scientific Linux Security Update : Scientific Linux 6 kernel on SL6.x i386/x86_64

The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. CVE-2011-1020, Moderate -...

Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities...

USN-1241-1: Linux kernel (i.MX51) vulnerabilities

It was discovered that the Stream Control Transmission Protocol SCTP implementation incorrectly calculated lengths. If the net.sctp.addipenable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. CVE-2011-1573 Ryan Sweat discovered that the kernel...