OPENSUSE-SU-2019:2615-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:3093-1)

This update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2632-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2615-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libmspack packages installed that are affected by multiple vulnerabilities: - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity...

SUSE-SU-2019:3093-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

SUSE-SU-2019:3092-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

MS10-033: Vulnerabilities in Media Decompression could allow remote code execution

Resolves vulnerabilities in Microsoft Windows that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a website or any application that delivers web content.INTRODUCTIONMicrosoft has released security bulletin...

Command injection

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...

Fedora Update for suricata FEDORA-2019-fddfb520ec

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 29 Update: suricata-4.1.5-3.fc29

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 30 Update: suricata-4.1.5-3.fc30

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

XNU - Remote Double-Free via Data Race in IPComp Input Path

XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...

The vulnerability of the zlib_decompress_extra function in the VideoLAN VLC media player allows a hacker to access confidential data after decompression, potentially compromising the integrity of those data and causing service failures.

The vulnerability of the zlibdecompressextra function in the VideoLAN VLC media player involves its use after decompression. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVE-2019-16535

Аn OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Eldar Zaitov of Yandex Information Security Team...

Pwning a Siemens Scalance ICS switch through ARM reversing

We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...

Security update for zstd (moderate)

openSUSE Security Update: Security update for zstd Announcement ID: openSUSE-SU-2019:2008-1 Rating: moderate References: 1082318 1133297 1142941 Cross-References: CVE-2019-11922 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that solves one vulnerability and...

Security fix for the ALT Linux 10 package libarchive version 3.4.0-alt1

Aug. 22, 2019 Aleksei Nikiforov 3.4.0-alt1 - Updated to upstream version 3.4.0. - Fixes: + CVE-2018-1000877 Double Free vulnerability in RAR decoder + CVE-2018-1000878 Use After Free vulnerability in RAR decoder + CVE-2018-1000879 NULL Pointer Dereference vulnerability in ACL parser +...

USN-4109-1: OpenJPEG vulnerabilities

It was discovered that OpenJPEG incorrectly handled certain PGX files. An attacker could possibly use this issue to cause a denial of service or possibly remote code execution. CVE-2017-17480 It was discovered that OpenJPEG incorrectly handled certain files. An attacker could possibly use this...