libwebp security update

An update is available for libwebp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libwebp packages provide a library and tools for the WebP graphics format...

USN-4968-2: LZ4 vulnerability

USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a...

USN-4968-2 lz4 vulnerability

USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a...

[SECURITY] Fedora 33 Update: upx-3.96-9.fc33

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

[SECURITY] Fedora 34 Update: upx-3.96-9.fc34

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

Fedora: Security Advisory for upx (FEDORA-2021-737766a313)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for upx (FEDORA-2021-ceb9db8de0)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of TTC and JPEG2000 parsers in VMware Workstation and the Horizon Client for Windows virtualization client software, related to information disclosure, allows attackers to gain unauthorized access to protected information.

The vulnerability of the TTC and JPEG2000 parsers in VMware Workstation’s hypervisor and VMware Horizon Client for Windows’ virtualization client systems is related to information disclosure. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

GHSA-25XM-HR59-7C27 github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...

github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)

Impact xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. Patches The problem has been fixed in release v0.5.8. Workarounds Limit the size ...

SMBv3 Compression Buffer Overflow

A vulnerability exists within the Microsoft Server Message Block 3.1.1 SMBv3 protocol that can be leveraged to execute code on a vulnerable server. This remove exploit implementation leverages this flaw to execute code in the context of the kernel, finally yielding a session as NT AUTHORITY\SYSTE...

[SECURITY] [DSA 4919-1] lz4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4919-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 21, 2021 https://www.debian.org/security/faq -...

RHEL 8 : brotli (RHSA-2021:1702)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1702 advisory. Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffma...

corosync bug fix and enhancement update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Bug Fixes and Enhancements: corosync crash with compression enabled BZ1951049...

corosync bug fix and enhancement update

An update is available for corosync. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync packages provide the Corosync Cluster Engine and C APIs for Roc...

RLSA-2021:1702 Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

ALSA-2021:1702 Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

Debian DLA-2657-1 : lz4 security update

It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 'Stretch', this problem has been fixed in version 0.0r131-2+deb9u1. We recommend that you upgrade your lz4 packages. For the detailed security status of lz4 please...

PT-2024-11090 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc1-custom 1 Description: The issue is caused by a race condition between truncate and overwrite operations in the f2fs compress functionality. This can lead to a situation where a page is detached from t...