18086 matches found
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The delay module was unloaded while the fabric scan was in progress. This led to a system crash during the load/unload test. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In raid1reshape, the freezearray function is called before modifying the r1bio memory pool conf-r1biopool and conf-raiddisks. The unfreezearray function is called after the update is completed. However, freezearray only waits unt...
Astra Linux – Vulnerability in Chromium
The use of after-free in Prerender in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the browser UI of Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: IOMMU: Disable SVA when CONFIGX86 is set The patch series “Fix stale IOTLB entries for kernel address space”, version 7, proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing SVA. In an SVA contex...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebML in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in Blink in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘wireguard: device: enable threaded NAPI’” This resolution involves commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c, which is a commit from upstream. We received three independent reports from production users who were...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebML in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in PostgresSQL-15
Integer wraparound in several PostgreSQL libpq client library functions allows an application’s input provider or network peer to cause libpq to undersize allocations and write out-of-bounds data, involving hundreds of megabytes. This leads to a segmentation fault in the application that uses...
Astra Linux – Vulnerability in python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey, and loadpempublickey functions did not verify...
Astra Linux – Vulnerability in Ruby 3.1
Zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0, and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends bytes provided by the caller before previously produced...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Chromium
Using “after free” in Codecs in Google Chrome before version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Chromium
Integer overflow in WebRTC in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in Codecs in Google Chrome before version 147.0.7727.101 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted video file. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – Fixed a memory leak in dpaa2caamprobe. When commit 0e1a4d427f58 “crypto: caam: Unembed netdev structure in dpaa2” converted the embedded netdevice to dynamically allocated pointers, it added cleanup code in...
Astra Linux – Vulnerability in libstb
In Libsixel, prior to and including v1.10.3, a NULL pointer dereferencing in the stbimage.h component of libsixel allows attackers to cause a denial of service DOS through a crafted PICT file...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfs: check the return value of xchkscrubcreatesubord. This function should be fixed to return NULL instead of the mangled ENOMEM. Additionally, the calling functions should be corrected to actually check for a null pointer and...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to a use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, the path check for Rack::Directory used a string prefix match on the expanded path. A request like /../rootexample/ could escape the configured root if the target path started with the root string, allowing...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon receiving report-present messages. Be sure to release the reference taken when checking for already registered devices...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm6: fixed an issue where uninitialized saddr values were used in xfrm6getsaddr. The xfrm6getsaddr function does not check the return value of ipv6devgetsaddr. When ipv6devgetsaddr fails to find a suitable source address...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check the return value of indxfind to avoid infinite loops We have identified a bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed dentry in the ntfs3 filesystem can cause the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Fix for iiochanspec for sensors without event detection capabilities. The stlsm6dsxaccchannels array within struct iiochanspec contains a eventspec field that is not NULL, indicating that the sensor supports...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a crash that occurred when using a synthetic stacktrace field. When creating a synthetic event based on an existing synthetic event that had a stacktrace field, the new synthetic event used that field, resulting in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25980: A use-after-free occurred in the powersupplychanged function. By using the devm variant to request the IRQ before using the devm variant to allocate/register the powersupply handle, the powersupply handle...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: drm/atmel-hlcdc: fixed a memory leak caused by the atomicDestroystate callback. After several commits, the amount of slated memory increased. Some drmcrtccommit objects were not freed. The atomicDestroystate callback only free...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: Fixed the connector type for the DataImage SCF0700C48GGU18 panel. The connector type for the DataImage SCF0700C48GGU18 panel is missing, and devmdrmpanelbridgeadd requires the connector type to be set. This...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: wan/fslucchdlc: Fixed the dmafreecoherent function in uhdlcmemclean. The priv-rxbuffer and priv-txbuffer are allocated together as contiguous buffers in uhdlcinit, but they are freed as two separate buffers in uhdlcmemclean...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: sched/rt: The function rtonextcpu should now properly handle situations where only CPU0 is overloaded. In such cases, rtonextcpu should ideally return -1, indicating that no further IPIs are needed. The vulnerability arises when...
Astra Linux – Vulnerability in Firefox
Memory safety bugs exist in Firefox 148 and Thunderbird 148. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 149 and Thunderbird...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: gve: Fixed corruption in the stats report when the number of queues changes. The driver and the Network Interface Card NIC share a memory region for stats reporting. The NIC calculates its offset within this region based on the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: Protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other backend change notifications and call xen9pfsfrontfree twice, causing the observed general protection fault due to a double-free...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Return error when the node already exists in hfsbnodecreate When hfsbnodecreate detects that a node already exists and has been hashed which should not happen under normal conditions, it currently returns the existing no...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount – increased the connection cleanup limit to 64. After the optimization to perform only one garbage collection per jiffy, a new problem emerged. If more than 8 new connections are tracked per jiffy, the list...
Astra Linux – Vulnerability in Python 3.11
The webbrowser.open API accepts URLs with leading hyphens, which can be treated as command-line options for certain web browsers. However, the new behavior disallows the use of leading hyphens. It is recommended that users sanitize URLs before passing them to webbrowser.open...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: usb: ChipIdea UDC: Fix for DMA and SG cleanup in epnuke The ChipIdea UDC driver may encounter errors where “not-page-aligned sg buffers” occur when a USB device is reconnected after being disconnected during an active transfer...
Astra Linux – Vulnerability in firewalld
A flaw was discovered in firewalld. A local unprivileged user can exploit this vulnerability by improperly authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This improper authorization allows the user to modify the runtime firewall state without proper...
Astra Linux – Vulnerability in qBittTorrent
qBittorrent versions before 5.1.2 do not prevent access to a local file that is referenced in a link URL. This issue affects rsswidget.cpp and searchjobwidget.cpp...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Skia in Google Chrome prior to version 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: Critical...
Astra Linux – Vulnerability in pyopenssl
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting from version 22.0.0 and before version 26.0.0, if a user provided a callback for setcookiegeneratecallback and the returned cookie value was longer than 256 bytes, pyOpenSSL would cause an overflow of the buffer provided by OpenSS...
Astra Linux – Vulnerability in pyjwt
PyJWT is an implementation of JSON Web Tokens in Python. Before version 2.12.0, PyJWT did not validate the Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a critical array listing extensions that PyJWT does not understand, the library accepts the token instead of...
Astra Linux – Vulnerability in GraphicsMagick
GraphicsMagick before 8e56520 has a heap-based buffer over-read issue in the ReadJXLImage function, located in coders/jxl.c, related to a call to ImportViewPixelArea...