20 matches found
Unity Linux 20.1060e / 20.1070e Security Update: zstd (UTSA-2026-017635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017635 advisory. Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permission...
EUVD-2021-10952
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-24032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default...
SUSE CVE-2021-24032
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
Ubuntu 16.04 ESM : Zstandard vulnerabilities (USN-5720-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5720-1 advisory. It was discovered that Zstandard was not properly managing file permissions when generating output files. A local attacker could possibly use this issue ...
Mageia: Security Advisory (MGASA-2021-0322)
The remote host is missing an update for the...
EulerOS 2.0 SP8 : zstd (EulerOS-SA-2021-2490)
According to the versions of the zstd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the...
EulerOS Virtualization 2.9.1 : zstd (EulerOS-SA-2021-2177)
According to the versions of the zstd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created...
Huawei EulerOS: Security Advisory for zstd (EulerOS-SA-2021-2177)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for zstd (EulerOS-SA-2021-2201)
The remote host is missing an update for the Huawei EulerOS...
Updated zstd packages fix a security vulnerability
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions matching the input would only be set at completion time. Output files could therefore be readable or writable to unintended parties CVE-2021-24031...
Updated zstd packages fix a security vulnerability
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
SUSE: Security Advisory (SUSE-SU-2021:0948-1)
The remote host is missing an update for the...
openSUSE: Security Advisory for zstd (openSUSE-SU-2021:0481-1)
The remote host is missing an update for the...
openSUSE Security Update : zstd (openSUSE-2021-481)
This update for zstd fixes the following issues : - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). This update wa...
OPENSUSE-SU-2021:0481-1 Security update for zstd
This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). This update was...
SUSE SLED15 / SLES15 Security Update : zstd (SUSE-SU-2021:0948-1)
This update for zstd fixes the following issues : CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). Note that Tenable...
Design/Logic Flaw
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
CVE-2021-24031
CVE-2021-24031 is discussed in the connected IBM security bulletin as part of a broader set of vulnerabilities. The Zstandard command-line utility prior to v1.4.1 creates output files with default permissions and only sets the correct permissions at completion time, potentially making outputs rea...
Debian: Security Advisory (DLA-2573-1)
The remote host is missing an update for the Debian...