59480 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: ipv4: Fixed an alignment fault in the multipath hash seed for ARM64 architectures. The struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: 9p/transfd: Always use ONONBLOCK for read/write operations. The syzbot report indicates that tasks become hung at p9fdclose, due to p9muxpollstop. This occurs because p9connDestroy fails to interrupt kernelread/kernelwrite that...
Astra Linux - уязвимость в exiv2
Exiv2 is a C++ library and command-line utility for reading, writing, deleting, and modifying image metadata in formats such as Exif, IPTC, XMP, and ICC. A buffer overflow vulnerability has been discovered in Exiv2 versions v0.27.3 and earlier. This vulnerability occurs when Exiv2 is used to writ...
Astra Linux - уязвимость в squashfs-tools
The squashfsopendir function in unsquash-2.c within Squashfs-Tools 4.5 enables Directory Traversal, another vulnerability distinct from CVE-2021-40153. A squashfs filesystem that includes a symbolic link, along with files under the same filename, can cause unsquashfs to first create the symbolic...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisock: Prevent race conditions in socket write iteration and sockbind. There is a potential race condition between sockBind and socketwriteiter. bind may free the same memory location through mgmtPending before th...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: In tomoyowritecontrol, do not emit a warning. syzbot reports a “too-large allocation” warning in tomoyowritecontrol. It’s possible to write a very long line without a newline character. To fix this warning, I use GFPNOWARN instea...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mtdchar: Fixed integer overflow in read/write ioctls. The req.start and req.len variables are u64 values that originate from the user at the beginning of the function. We mask the high 32 bits of req.len, ensuring that its value ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed a null pointer panic in the tracepoint of replaceatomicwriteblock. A kernel panic occurs when oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=217266 BUG: Null pointer dereferencing in the kernel; address:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300 – ensure that the data length is within the supported range. A explicit check for the transfer length should be added to ‘rtl9300i2cconfigxfer’ to ensure that the data length is not within the supported range. In...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: A silence warning is issued when chunk allocation fails in tracepidwrite. Syzkaller triggers a fault injection warning: WARNING: CPU: 1 PID: 12326 at tracepointaddfunc+0xbfc/0xeb0 Modules linked in: CPU: 1 UID: 0 PID:...
Astra Linux - уязвимость в chromium
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c:751:...
Astra Linux - уязвимость в git-lfs
Git LFS is an extension to Git for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository’s working tree with the contents of Git LFS objects, certain Git LFS commands might write to files that are visible outside the current Git working tree, if symboli...
Astra Linux - уязвимость в imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a potential security issue involving infinite recursion in the MSL Magick Scripting Language command when writing to MSL format. Version 7.1.2-13 addresses this issue...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restricted kiocbsetcancelfn to I/O submitted via libaio. If kiocbsetcancelfn is called for I/O submitted via iouring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocbsetcancelfn+0x9c/0x...
Astra Linux - уязвимость в firefox, thunderbird
Methods AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding, and AppendEncodedCharacters may experience integer overflows, resulting in underallocation of an output buffer and thus causing out-of-bounds write attacks. This vulnerability affects Firefox 124, Firefox ESR 115.9, and...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal conditions of the asyncwrite flag and cause a BUGON...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в musl
Musl libc versions 0.9.13 through 1.2.5 before 1.2.6 have a out-of-bounds write vulnerability, which means that an attacker can trigger the iconv conversion of untrusted EUC-KR text to UTF-8...