3663 matches found
Security Bulletin: AIX is vulnerable to denial of service due to zlib and zlibNX (CVE-2018-25032)
Summary: A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service (CVE-2018-25032). AIX uses zlib and zlibNX as part of its data compression functions. Vulnerability Details: CVEID: CVE-2018-25032. DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...
Huawei EulerOS: Security Advisory for zstd (EulerOS-SA-2022-2372)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2022-2341)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...
EulerOS Virtualization 2.9.0 : zstd (EulerOS-SA-2022-2408)
According to the versions of the zstd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes ou...
EulerOS Virtualization 2.9.1 : zstd (EulerOS-SA-2022-2372)
According to the versions of the zstd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes ou...
Security Bulletin: Operations Dashboard is vulnerable to multiple Golang Go vulnerabilities
Summary: Operations Dashboard is vulnerable to the Go vulnerabilities listed below. Vulnerability Details: CVEID: CVE-2022-32189. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in Float.GobDecode and Rat.GobDecode in math/big. By sending a specially-crafted message, a remot...
Fedora: Security Advisory for zlib (FEDORA-2022-0b517a5397)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: zlib-1.2.11-32.fc35
Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs...
CVE-2022-29240
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
CVE-2022-29240 Uninitialized memory read in LZ4 decompression leads to authentication bypass in Scylla
Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompressed length is correct. If user provides fake length, that is greater than the real one, part of...
Fedora: Security Advisory for zlib (FEDORA-2022-3c28ae0cd8)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: zlib-1.2.12-5.fc37
Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2310)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server's certificate chain. Due to an...
GNU Gzip, XZ Utils: Arbitrary file write
Background: GNU Gzip is a popular data compression program. XZ Utils is free general-purpose data compression software with a high compression ratio. Description: GNU Gzip and XZ Utils' grep helpers do not sufficiently validate certain multi-line file names. Impact: In some cases, writing to arbitra...
Amazon Linux 2022 : minizip-compat, minizip-compat-devel, zlib (ALAS2022-2022-100)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-100 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of...
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
...
Fedora: Security Advisory for zlib (FEDORA-2022-b8232d1cca)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: zlib-1.2.11-33.fc36
Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs...
USN-5593-1: Zstandard vulnerability
It was discovered that Zstandard incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
AlmaLinux 8 : curl (ALSA-2022:6159)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6159 advisory. - curl 7.84.0 supports chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different...