Lucene search

98 matches found

Debian
added 2020/01/29 9:52 p.m. | 102 views

[SECURITY] [DLA 2085-1] zlib security update

Package: zlib
Version: 1:1.2.8.dfsg-2+deb8u1
CVE ID: CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843

Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointe...

CVSS 9.8 | AI score 10 | EPSS 0.07489
Exploits: 0

OSV
added 2019/10/14 2:15 a.m. | 1 view

UBUNTU-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

CVSS 8.1 | AI score 7.2 | EPSS 0.09116
Exploits: 0 | References: 5

Kitploit
added 2019/07/30 10:00 p.m. | 302 views

WDExtract - Extract Windows Defender Database From Vdm Files And Unpack It

Extract Windows Defender database from vdm files and unpack it. This program is distributed as-is, without any warranty; no official support. If you like this tool, feel free to contribute. Features: Unpack VDM containers of Windows Defender/Microsoft Security Essentials; Decrypt VDM container embedded...

AI score 7.5
Exploits: 0 | References: 10

OpenVAS
added 2018/11/29 12:00 a.m. | 53 views

Debian: Security Advisory (DLA-1600-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.2 | EPSS 0.05258
Exploits: 2 | References: 3

OSV
added 2018/07/19 2:29 a.m. | 0 views

UBUNTU-CVE-2018-14340

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read...

CVSS 7.5 | AI score 7.3 | EPSS 0.03422
Exploits: 1 | References: 5

IBM Security Bulletins
added 2018/06/17 3:41 p.m. | 49 views

Security Bulletin: IBM Tivoli Monitoring Agent Framework component. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843)

Summary: IBM Tivoli Monitoring uses the zlib compression library in both the General services library and the File Transfer component. This bulletin addresses several reported vulnerabilities in the zlib compression library. Vulnerability Details: CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a...

CVSS 9.8 | AI score 1.1 | EPSS 0.07489
Exploits: 0 | Affected Software: 1

OpenVAS
added 2018/06/04 12:00 a.m. | 4120 views

Bitvise SSH Server < 7.41 Security Bypass Vulnerability

Bitvise SSH Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bitvise:winsshd";...

AI score 7.3
Exploits: 0 | References: 1

Tenable Nessus
added 2017/10/03 12:00 a.m. | 35 views

Fedora 26 : openvpn (2017-700915e34f)

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated key-method 1 configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled...

CVSS 9.8 | AI score 7.9 | EPSS 0.03629
Exploits: 0 | References: 3

CNVD
added 2017/02/17 12:00 a.m. | 1 view

ZZIPlib '__zzip_get32' Heap Buffer Overflow Vulnerability

ZZIPlib is a lightweight C library for reading and extracting files from ZIP archives; it can also be used to compress multiple files into ZIP format, and it is built on the zlib library. ZZIPlib '__zzip_get32' has a heap buffer overflow vulnerability. An attacker can exploit this...

CVSS 5.5 | AI score 8.1 | EPSS 0.01847
Exploits: 1 | References: 1

OSV
added 2017/01/10 3:59 p.m. | 4 views

UBUNTU-CVE-2016-6581

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

CVSS 7.5 | AI score 7.1 | EPSS 0.01757
Exploits: 0 | References: 4

myhack58
added 2016/06/25 12:00 a.m. | 11 views

High-risk vulnerabilities disclosed in open-source compression library Libarchive, affecting Debian Linux, FreeBSD and a large number of other products - vulnerability warning - the black bar safety net

Security vulnerabilities were recently disclosed in Libarchive, an open-source compression library that supports a variety of file archive formats. Libarchive is very widely used, so a large number of products are naturally affected as well, such as Debian Linux,...

AI score 1.3
Exploits: 0

Japan Vulnerability Notes
added 2015/05/19 12:00 a.m. | 40 views

JVN#78689801: BGA32.DLL and QBga32.DLL contain multiple vulnerabilities

BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. Impact Decompressing a...

CVSS 7.5 | AI score 9.4 | EPSS 0.2554
Exploits: 4

OSV
added 2014/07/24 1:15 p.m. | 2 views

USN-2300-1 lzo2 vulnerability

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 8.8 | AI score 6.7 | EPSS 0.05315
Exploits: 1 | References: 2

seebug.org
added 2014/07/01 12:00 a.m. | 12 views

Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/6913/info A buffer-overrun vulnerability has been reported in the Zlib compression library. Due to the use of 'vsprintf' by an internal Zlib function, an attacker can cause memory to become corrupted. This buffer overrun...

AI score 7.1
Exploits: 0

OSV
added 2011/01/19 12:00 p.m. | 0 views

DEBIAN-CVE-2011-0015

Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor...

CVSS 5 | AI score 6.4 | EPSS 0.03105
Exploits: 0 | References: 1

Fedora
added 2009/08/22 1:07 a.m. | 24 views

[SECURITY] Fedora 10 Update: perl-Compress-Raw-Bzip2-2.020-1.fc10

This module provides a Perl interface to the bzip2 compression library. It is used by IO::Compress::Bzip2...

CVSS 6.8 | AI score 2.6 | EPSS 0.07084
Exploits: 3

VulnCheck KEV
added 2009/06/16 12:00 a.m. | 1 view

VulnCheck KEV: CVE-2009-1391

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a...

CVSS 6.8 | AI score 5.8 | EPSS 0.07084
Exploits: 2 | References: 1

OpenVAS
added 2008/01/17 12:00 a.m. | 16 views

Debian Security Advisory DSA 122-1 (zlib, various)

The remote host is missing an update to zlib, various announced via advisory DSA 122-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.8 | AI score 9.5 | EPSS 0.09511
Exploits: 0 | References: 2

OSV
added 2007/04/25 3:19 p.m. | 2 views

DEBIAN-CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name...

CVSS 4.3 | AI score 6.9 | EPSS 0.02123
Exploits: 0 | References: 1

Tenable Nessus
added 2006/07/05 12:00 a.m. | 56 views

CentOS 4 : zlib (CESA-2005:584)

Updated zlib packages that fix a buffer overflow are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Zlib is a general-purpose lossless data compression library that is used by many different...

CVSS 7.5 | AI score 8.2 | EPSS 0.05476
Exploits: 3 | References: 4