3663 matches found
Important: mingw-zlib security update
The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fixes: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032). For more details about the security issues, including the impact, a CV...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-206)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-206 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
Moderate: Red Hat Security Advisory: zlib security update
An update for zlib is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
PT-2022-6955 · Cisco · Cisco IOS XR
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the classic access control list (ACL) compression feature could allow an unauthenticated, remote attacker to bypass the protection offered by a configured ACL...
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written...
zlib security update
An update is available for zlib. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The zlib packages provide a general-purpose lossless data compression library th...
PT-2022-26615 · Apple · macOS Monterey +3
Name of the Vulnerable Software and Affected Versions: macOS Monterey versions prior to 12.6.3; macOS Big Sur versions prior to 11.7.3. macOS Ventura version 13 is not affected as it already includes the fix, but versions prior to 13 are affected. However, since the exact affected range for Ventura...
[SECURITY] Fedora 35 Update: wavpack-5.5.0-2.fc35
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
Multiple vulnerabilities in nadesiko3
Overview: Nadesiko3 provided by kujirahand contains multiple vulnerabilities listed below. OS command injection vulnerability in processing compression and decompression (CWE-78) - CVE-2022-41642; Improper check or handling of exceptional conditions in nako3edit (CWE-703) - CVE-2022-41777; OS command...
USN-5570-2: zlib vulnerability
USN-5570-1 fixed a vulnerability in zlib. This update provides the corresponding update for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Evgeny Legerov discovered that zlib incorrectly handled memory when performing certain inflate operations. An attacker could use this issue...
Security Bulletin: Multiple vulnerabilities in Apache Ant affect IBM InfoSphere Information Server
Summary: Multiple vulnerabilities in Apache Ant used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2021-36373. DESCRIPTION: Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
Fedora: Security Advisory for wavpack (FEDORA-2022-ca2f721916)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: wavpack-5.5.0-2.fc36
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...
Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2022-2598)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
gnutls and nettle security, bug fix, and enhancement update
gnutls 3.7.6-12 - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2413)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to...
Vulnerabilities fixed in IBM Tivoli Monitoring
IBM has fixed vulnerabilities in Tivoli Monitoring. The vulnerabilities are in underlying software, such as Java Runtime, zlib and Eclipse and allow a malicious person to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in Tivoli...
XPDF code issue vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A code issue vulnerability exists in XPDF version 4.04, which stems from a crash in the convertToType0 function in fofi/FoFiType1C.cc...