Lucene search

3663 matches found

Positive Technologies
added 2024/05/17 12:0 a.m. | 8 views

PT-2024-14691

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue arises when an inode is compressed but not encrypted, and the system fails to call f2fs_wait_on_block_writeback to wait for GCed page writeback in the IPU write path. This can...

CVSS 7.8 | AI score 5.6 | EPSS 0.00286
Exploits: 0 | References: 188
RedHat Linux
added 2024/05/16 6:36 p.m. | 4 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

CVSS 4.3 | AI score 6.7 | EPSS 0.01956
Exploits: 0 | References: 5
Tenable Nessus
added 2024/05/11 12:0 a.m. | 21 views

RHEL 6 : elfutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520) - elfutils: heap-based buffer over-read...

AI score 8.3 | EPSS 0.02791
Exploits: 16 | References: 19
OSV
added 2024/05/10 11:7 a.m. | 2 views

OESA-2024-1543 skopeo security update

A command line utility that performs various operations on container images and image repositories. Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

CVSS 7.5 | AI score 6.8 | EPSS 0.04561
Exploits: 0 | References: 2
OSV
added 2024/05/10 11:7 a.m. | 3 views

OESA-2024-1529 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 7.5 | AI score 6.7 | EPSS 0.04561
Exploits: 0 | References: 2
OSV
added 2024/05/10 11:7 a.m. | 4 views

OESA-2024-1530 ignition security update

Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...

CVSS 7.5 | AI score 6.7 | EPSS 0.04561
Exploits: 0 | References: 2
Oracle linux
added 2024/05/07 12:0 a.m. | 87 views

python-jwcrypto security update

0.8-5 - Address potential DoS with high compression ratio Resolves: RHEL-28698...

CVSS 6.8 | AI score 6.6 | EPSS 0.0098
Exploits: 1
Fedora
added 2024/05/05 1:16 a.m. | 40 views

[SECURITY] Fedora 39 Update: gdcm-3.0.23-5.fc39

Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM files. It...

CVSS 9.8 | AI score 7.3 | EPSS 0.01474
Exploits: 3
SUSE CVE
added 2024/05/03 2:9 a.m. | 1 views

SUSE CVE-2024-27034

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem. When we overwrite compressed cluster w/ normal cluster, we should not unlock cp_rwsem during f2fs_write_raw_pages, otherwise data will be corrupted if partial blocks were...

CVSS 5.5 | AI score 6.7 | EPSS 0.00273
Exploits: 0 | References: 3
SUSE CVE
added 2024/05/03 2:9 a.m. | 2 views

SUSE CVE-2024-27035

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP. If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

CVSS 5.5 | AI score 7.6 | EPSS 0.00272
Exploits: 0 | References: 3
RedhatCVE
added 2024/05/01 9:24 p.m. | 22 views

CVE-2024-27035

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP. If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

CVSS 5.5 | AI score 7.2 | EPSS 0.00272
Exploits: 0 | References: 4
NVD
added 2024/05/01 1:15 p.m. | 13 views

CVE-2024-27034

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem. When we overwrite compressed cluster w/ normal cluster, we should not unlock cp_rwsem during f2fs_write_raw_pages, otherwise data will be corrupted if partial blocks were...

CVSS 5.5 | AI score 7.4 | EPSS 0.00273
Exploits: 0 | References: 6
OSV
added 2024/05/01 1:15 p.m. | 3 views

DEBIAN-CVE-2024-27034

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem. When we overwrite compressed cluster w/ normal cluster, we should not unlock cp_rwsem during f2fs_write_raw_pages, otherwise data will be corrupted if partial blocks were...

CVSS 5.5 | AI score 5.3 | EPSS 0.00273
Exploits: 0 | References: 1
OSV
added 2024/05/01 1:15 p.m. | 1 views

UBUNTU-CVE-2024-27035

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP. If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

CVSS 5.5 | AI score 5.8 | EPSS 0.00272
Exploits: 0 | References: 13
OSV
added 2024/05/01 1:15 p.m. | 3 views

UBUNTU-CVE-2024-27034

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover normal cluster write with cp_rwsem. When we overwrite compressed cluster w/ normal cluster, we should not unlock cp_rwsem during f2fs_write_raw_pages, otherwise data will be corrupted if partial blocks were...

CVSS 5.5 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 24
Cvelist
added 2024/05/01 12:53 p.m. | 17 views

CVE-2024-27035 f2fs: compress: fix to guarantee persisting compressed blocks by CP

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP. If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

AI score 6.7 | EPSS 0.00272
Exploits: 0 | References: 5
OSV
added 2024/05/01 12:53 p.m. | 13 views

CVE-2024-27035 f2fs: compress: fix to guarantee persisting compressed blocks by CP

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to guarantee persisting compressed blocks by CP. If data block in compressed cluster is not persisted with metadata during checkpoint, after SPOR, the data may be corrupted, let's guarantee to write compressed...

CVSS 5.5 | AI score 6 | EPSS 0.00272
Exploits: 0 | References: 8
RedHat Linux
added 2024/04/30 1:36 p.m. | 2 views

python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

CVSS 6.8 | AI score 7.1 | EPSS 0.0098
Exploits: 1 | References: 6
Tenable Nessus
added 2024/04/29 12:0 a.m. | 46 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-605)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-605 advisory. An issue was found in the CPython zipfile module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the...

CVSS 6.2 | AI score 7 | EPSS 0.00333
Exploits: 0 | References: 4
SUSE CVE
added 2024/04/27 3:4 a.m. | 2 views

SUSE CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

CVSS 7.7 | AI score 6.6 | EPSS 0.00777
Exploits: 1 | References: 4