
3663 matches found

Slackware Linux
added 2022/06/28 7:27 p.m. | 45 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-7.84.0-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Set-Cookie denial of service. HTTP...

CVSS 9.8 | AI score 0.3 | EPSS 0.3197
Exploits: 4
RedhatCVE
added 2022/06/28 3:35 a.m. | 68 views

CVE-2022-32206

A vulnerability was found in curl. This issue occurs because the number of acceptable "links" in the "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. This flaw leads to a denial of service, either by mistake or by a...

CVSS 6.5 | AI score 4.7 | EPSS 0.3197
Exploits: 1 | References: 4
OpenVAS
added 2022/06/28 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-5495-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.8 | EPSS 0.3197
Exploits: 4 | References: 2
Tenable Nessus
added 2022/06/28 12:0 a.m. | 55 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-179-01)

The version of curl installed on the remote host is prior to 7.84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-01 advisory. - When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the...

CVSS 9.8 | AI score 6.9 | EPSS 0.3197
Exploits: 4 | References: 4
Ubuntu
added 2022/06/27 2:14 p.m. | 103 views

USN-5495-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. CVE-2022-32205 Harry Sintonen discovered that curl incorrectly handled certain HTTP...

CVSS 9.8 | AI score 7 | EPSS 0.3197
Exploits: 4
OSV
added 2022/06/27 2:14 p.m. | 5 views

USN-5495-1 curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. CVE-2022-32205 Harry Sintonen discovered that curl incorrectly handled certain HTTP...

CVSS 9.8 | AI score 6.7 | EPSS 0.3197
Exploits: 4 | References: 5
curl security advisories
added 2022/06/27 8:0 a.m. | 5 views

HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

CVSS 6.5 | AI score 7.1 | EPSS 0.3197
Exploits: 1 | References: 1 | Affected Software: 2
OSV
added 2022/06/27 8:0 a.m. | 4 views

CURL-CVE-2022-32206 HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

CVSS 6.5 | AI score 6.9 | EPSS 0.3197
Exploits: 1
Hacker One
added 2022/06/27 7:3 a.m. | 76 views

Internet Bug Bounty: CVE-2022-32206: HTTP compression denial of service

curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited...

CVSS 4.3 | AI score 8.1 | EPSS 0.3197
Exploits: 1
UbuntuCve
added 2022/06/27 12:0 a.m. | 55 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

CVSS 6.5 | AI score 6.8 | EPSS 0.3197
Exploits: 1 | References: 3
CNNVD
added 2022/06/27 12:0 a.m. | 3 views

curl Resource Management Error Vulnerability

curl is a tool for transferring data from or to a server. A resource management error vulnerability exists in curl versions 7.57.0 through 7.83.1, which stems from the lack of a limit on the number of links in the chained HTTP compression algorithm supported by curl. An attacker exploiting this...

CVSS 6.5 | AI score 7.3 | EPSS 0.3197
Exploits: 1 | References: 44
CNVD
added 2022/06/27 12:0 a.m. | 15 views

lrzip Denial of Service Vulnerability (CNVD-2022-76502)

lrzip is a compression utility. lrzip v0.651 contains a denial of service vulnerability that originates in getmagic in lrzip.c and Predictor::init function in libzpaq/libzpaq.cpp, which can be exploited by attackers to cause a denial of service impact...

CVSS 4.3 | AI score 5 | EPSS 0.00584
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2022/06/27 12:0 a.m. | 37 views

FreeBSD : cURL -- Multiple vulnerabilities (ae5722a6-f5f0-11ec-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ae5722a6-f5f0-11ec-856e-d4c9ef517024 advisory. - When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation...

CVSS 9.8 | AI score 6.9 | EPSS 0.3197
Exploits: 4 | References: 6
Tenable Nessus
added 2022/06/27 12:0 a.m. | 130 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerabilities (USN-5495-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5495-1 advisory. Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a...

CVSS 9.8 | AI score 7 | EPSS 0.3197
Exploits: 4 | References: 5
OSV
added 2022/06/27 12:0 a.m. | 0 views

UBUNTU-CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

CVSS 6.5 | AI score 6.7 | EPSS 0.3197
Exploits: 1 | References: 4
Fedora
added 2022/06/24 1:26 a.m. | 50 views

[SECURITY] Fedora 35 Update: ntfs-3g-system-compression-1.0-9.fc35

System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...

CVSS 7.8 | AI score 7.5 | EPSS 0.00498
Exploits: 1
Tenable Nessus
added 2022/06/22 12:0 a.m. | 34 views

EulerOS 2.0 SP8 : zstd (EulerOS-SA-2022-1957)

According to the versions of the zstd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if...

CVSS 8.1 | AI score 7.9 | EPSS 0.01424
Exploits: 0 | References: 2
OpenVAS
added 2022/06/19 12:0 a.m. | 37 views

Fedora: Security Advisory for ntfs-3g-system-compression (FEDORA-2022-13bc8c91b0)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.2 | EPSS 0.00498
Exploits: 1 | References: 2
Fedora
added 2022/06/18 12:38 a.m. | 36 views

[SECURITY] Fedora 36 Update: ntfs-3g-system-compression-1.0-9.fc36

System compression, also known as "Compact OS", is a Windows feature that allows rarely modified files to be compressed using the XPRESS or LZX compression formats. It is not built directly into NTFS but rather is implemented using reparse points. This feature appeared in Windows 10 and it appear...

CVSS 7.8 | AI score 7.5 | EPSS 0.00498
Exploits: 1
RedHat Linux
added 2022/06/15 11:22 a.m. | 144 views

Important: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.8 | AI score 6.8 | EPSS 0.04301
Exploits: 0 | References: 2