3663 matches found

Fedora
added 2022/08/14 2:39 a.m. | 53 views

[SECURITY] Fedora 36 Update: zlib-1.2.11-32.fc36

Zlib is a general-purpose, patent-free, lossless data compression library which is used by many different programs...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.51733
Exploits: 1
CentOS
added 2022/08/02 7:22 p.m. | 548 views

xz security update

CentOS Errata and Security Advisory CESA-2022:5052. An update for xz is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.04301
Exploits: 0 | References: 7
AlmaLinux
added 2022/08/01 12:0 a.m. | 67 views

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631); golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705); golang: go/parser: stac...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01875
Exploits: 3 | References: 20
OSV
added 2022/07/31 2:26 p.m. | 7 views

GSD-2022-1004626 f2fs: attach inline_data after setting compression

f2fs: attach inline_data after setting compression. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.127 by commit...

AI score: 7.2
Exploits: 0
OpenVAS
added 2022/07/31 12:0 a.m. | 6 views

Fedora: Security Advisory for go-bindata (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score: 7.5
Exploits: 0 | References: 2
Fedora
added 2022/07/30 2:0 a.m. | 12 views

[SECURITY] Fedora 36 Update: golang-github-snappy-0.0.2-7.fc36

Implementation of the Snappy compression format for Go...

AI score: 2.2
Exploits: 0
ATTACKERKB
added 2022/07/29 7:15 p.m. | 3 views

CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00594
Exploits: 0 | References: 2
OSV
added 2022/07/29 7:15 p.m. | 12 views

CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...

CVSS: 5.3 | AI score: 6.8
Exploits: 0 | References: 1
Cvelist
added 2022/07/29 6:52 p.m. | 20 views

CVE-2022-23002 Point Compression/Decompression of NIST P-256 points with X coordinate of zero

When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00594
Exploits: 0 | References: 1
CVE
added 2022/07/29 6:51 p.m. | 62 views

CVE-2022-23001

The CVE-2022-23001 entry concerns the Western Digital Sweet B library, which implements public-key elliptic-curve cryptography (NIST P-256 and SECG secp256k1). The vulnerability stems from selecting the wrong sign bit during compression or decompression of elliptic-curve points. An attacker with ...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00594
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/07/29 12:0 a.m. | 1 view

Western Digital Sweet B Security Vulnerability

Western Digital Sweet B is a library from Western Digital, Inc. that implements public key elliptic curve cryptography (ECC) using NIST P-256 and SECG secp256k1 curves. A security vulnerability exists in the Western Digital Sweet B library that arises from the use of incorrect sign bit selection wh...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00594
Exploits: 0 | References: 2
OSV
added 2022/07/22 11:4 a.m. | 2 views

OESA-2022-1762 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provides a complete set of widgets, and is suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in gdk-pixbuf in versions before...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.02346
Exploits: 0 | References: 3
Microsoft CVE
added 2022/07/19 7:0 a.m. | 1 view

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory or trying to and returning out of memory errors.

...

CVSS: 6.5 | AI score: 7.5 | EPSS: 0.3197
Exploits: 1
OSV
added 2022/07/18 7:14 p.m. | 4 views

CLSA-2022-1658171690 Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.01281
Exploits: 1 | References: 1
OSV
added 2022/07/18 7:3 p.m. | 3 views

CLSA-2022-1658171011 Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.01281
Exploits: 1 | References: 1
CloudLinux
added 2022/07/18 7:3 p.m. | 165 views

Fixed CVE-2016-10012 in openssh

CVE-2016-10012: re-remove pre-authentication compression and potentially unsecure shared memory manager used by zlib - Move not yet valid timestamps for certs to 2030-2040 range, make sure all tests are passed and add %check unset DISPLAY section...

CVSS: 7.8 | AI score: 3 | EPSS: 0.01281
Exploits: 1 | References: 1
Fedora
added 2022/07/17 1:16 a.m. | 19 views

[SECURITY] Fedora 35 Update: golang-github-ulikunitz-xz-0.5.10-4.fc35

This Go language package supports the reading and writing of xz compressed streams. It includes also a gxz command for compressing and decompressing data. The package is completely written in Go and doesn't have any dependency on any C code...

CVSS: 9.3 | AI score: 9 | EPSS: 0.05994
Exploits: 4
Fedora
added 2022/07/17 1:16 a.m. | 28 views

[SECURITY] Fedora 35 Update: golang-github-snappy-0.0.2-6.fc35

Implementation of the Snappy compression format for Go...

CVSS: 9.3 | AI score: 2.2 | EPSS: 0.05994
Exploits: 4
Fedora
added 2022/07/17 1:16 a.m. | 25 views

[SECURITY] Fedora 35 Update: golang-github-pierrec-lz4-4.1.3-5.fc35

Package lz4 implements reading and writing lz4 compressed data (a frame), as specified in http://fastcompression.blogspot.com/2013/04/lz4-streaming-format-final.html. This package is compatible with the LZ4 frame format although the block level compression and decompression functions are exposed an...

CVSS: 9.3 | AI score: 8.8 | EPSS: 0.05994
Exploits: 4
Fedora
added 2022/07/13 2:0 a.m. | 32 views

[SECURITY] Fedora 36 Update: go-bindata-3.0.7-22.gita0ff256.fc36

A small utility which generates Go code from any file. This tool converts any file into manageable Go source code. Useful for embedding binary data into a Go program. The file data is optionally gzip compressed before being converted to a raw byte slice...

CVSS: 9.3 | AI score: 0.6 | EPSS: 0.05292
Exploits: 4