3661 matches found
SUSE CVE-2025-22127
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in preparecompressoverwrite Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel 6.14.0-rc3, 6.12 I encountered a problem in generic/475 test where fsstres...
[SECURITY] Fedora 42 Update: rust-zip-2.6.1-1.fc42
Library to support the reading and writing of zip files...
DEBIAN-CVE-2022-47112
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected...
DEBIAN-CVE-2025-22127
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in preparecompressoverwrite Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel 6.14.0-rc3, 6.12 I encountered a problem in generic/475 test where fsstres...
CVE-2025-22127
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in preparecompressoverwrite Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel 6.14.0-rc3, 6.12 I encountered a problem in generic/475 test where fsstres...
CVE-2025-22127 f2fs: fix potential deadloop in prepare_compress_overwrite()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix potential deadloop in preparecompressoverwrite Jan Prusakowski reported a kernel hang issue as below: When running xfstests on linux-next kernel 6.14.0-rc3, 6.12 I encountered a problem in generic/475 test where fsstres...
CVE-2025-22127
CVE-2025-22127 affects the Linux kernel F2FS. The issue could cause a kernel hang when a compressed file system operation triggers IO errors during load of the error table to a dm device, while f2fs_write_data_pages holds the writepages lock. Root cause described: IO error looping in f2fs_prepare...
[SECURITY] Fedora 42 Update: openvpn-2.6.14-1.fc42
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
[SECURITY] Fedora 42 Update: upx-5.0.0-1.fc42
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 40 Update: openvpn-2.6.14-1.fc40
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
delve and golang security update
delve 1.24.1-2.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.24.1-2 - Fix 3 test failures - Resolves: RHEL-83939 - Resolves: RHEL-83958 - Resolves: RHEL-7373 1.24.1-1 - Rebase to Delve 1.24.1 - Resolves: RHEL-64445 golang 1.23.6-2 - Fix runtime usleep issue on s390x...
The vulnerability of the command-line tool of the Zstandard data compression library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the command-line tool of the Zstandard data compression library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
K000150761: gRPC vulnerabilities CVE-2023-32732 and CVE-2023-33953
Security Advisory Description CVE-2023-32732 gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed ...
[SECURITY] Fedora 41 Update: openvpn-2.6.14-1.fc41
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
[SECURITY] Fedora 41 Update: upx-5.0.0-1.fc41
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 40 Update: upx-5.0.0-1.fc40
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
XZ Utils: Use after free
Background XZ Utils is free general-purpose data compression software with a high compression ratio. Description A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Impact The multithreaded .xz decoder in liblzma has a bug where invalid...
CVE-2025-31115
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
OESA-2025-1358 ghostscript security update
Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of...