Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mmmremap.c: Avoid unnecessary calls to invalidrangestart/invalidaterangeend when using mremap with oldsize=0. If the mremap system call with oldsize=0 ends up in movepagetables, it will unnecessarily call...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid dividing by 0 in mbupdateavgfragmentsize when the block bitmap is corrupted. The issue arises when the block bitmap is corrupted, and dividing by 0 may occur during this function. To mitigate this risk, it is necessar...

Astra Linux – Vulnerability in DjVuLibre

DjVuLibre 3.5.27 allows attackers to carry out a denial-of-service attack application crashes due to an out-of-bounds read by creating a corrupted JB2 image file. This occurs due to improper handling of the JB2 image file in the JB2Dict::JB2Codec::getdirectcontext function in libdjvu/JB2Image.h,...

Astra Linux – Vulnerability in Thunderbird

matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...

Astra Linux – Vulnerability in Waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before Waitress has had the opportunity to call getpeername, Waitress will not properly clean up the connection. As a result, the main thread attempts to write to a socket that no long...

Astra Linux – Vulnerability in Thunderbird

Ribose RNP before version 0.16.3 may hang when the input is malformed...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick in versions prior to 7.0.11 and prior to 6.9.12. In these versions, a division by zero in the WaveImage function of MagickCore/visual-effects.c could lead to undefined behavior when a malicious image file was submitted to an application that used ImageMagick...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A fix was made to prevent division by zero in the setupdscconfig function. When sliceheight is 0, the division by sliceheight in the calculation of the number of slices can lead to a division by zero, causing the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value of “denominators” should be set to 1. WHAT & HOW Variables that are used as denominators and may not be assigned to other values should not have a default value of 0. Change their default value ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iocost: Fixed the divide-by-zero issue when calculating donations from cgroups with an active hweight of less than 2. The donation calculation logic assumes that the donor will have a non-zero hweight after the donation. Therefor...

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In affected versions of Redis, a integer overflow bug in the 32-bit Redis version 4.0 or newer can be exploited to corrupt the heap, potentially leading to remote code execution. Redis 4.0 or newer includes a configurable lim...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the MagickCore/visual-effects.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The greatest threat of this vulnerability is to system...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ntfs: Set a dummy block size to “read bootblock” when mounting. During mounting, sb-sblocksize is used to read the bootblock without being defined or validated. Set a dummy block size before attempting to read the bootblock. The...

Astra Linux – Vulnerability in Tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...

Astra Linux – Vulnerability in Tomcat9

The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, and from 9.0.13 through 9.0.89. The following versions were already reached their...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick’s MagickCore/segment.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, specifically a division by zero in mathematics. This likely results in a disruption to the application’s functionality, but it may al...

Astra Linux – Vulnerability in Wireshark

In Wireshark versions up to 3.2.7, the Facebook Zero Protocol also known as FBZERO dissector could enter an infinite loop. This issue was addressed in the epan/dissectors/packet-fbzero.c file by correcting the implementation of offset advancement...

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: The code checks contexts-nr before accessing contextsarr0. Multiple sysfs command paths dereference contextsarr0 without first verifying that kdamond-contexts-nr == 1. A user can set nrcontexts to 0 via sysfs whil...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: scsidebug: Do not call kcalloc if size argument is zero. If the size argument to kcalloc is zero, it returns ZEROSIZEPTR. Therefore, for the subsequent NULL pointer check to work on the returned pointer, kcalloc must not...