415 matches found
[SECURITY] Fedora 40 Update: upx-4.2.3-1.fc40
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
CVE-2023-3978 affecting package packer for versions less than 1.9.5-3
CVE-2023-3978 affecting package packer for versions less than 1.9.5-3. A patched version of the package is available...
CVE-2023-49568 affecting package packer for versions less than 1.9.5-3
CVE-2023-49568 affecting package packer for versions less than 1.9.5-3. A patched version of the package is available...
CVE-2023-49569 affecting package packer for versions less than 1.9.5-3
CVE-2023-49569 affecting package packer for versions less than 1.9.5-3. A patched version of the package is available...
[SECURITY] Fedora 38 Update: upx-4.2.3-1.fc38
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39
UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...
AZL-39202 CVE-2023-45288 affecting package packer for versions less than 1.10.1-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
UBUNTU-CVE-2024-3209
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...
UPX Security Vulnerability
UPX is a free, secure, portable, scalable, high-performance executable packer for multiple executable formats. A security vulnerability exists in UPX version 4.2.2 and prior versions that stems from a heap-based buffer overflow issue...
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using various methods, including network vulnerabilities. Over the past few years, the botnet has...
CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
CVE-2023-44487 affecting package packer for versions less than 1.8.1-14. A patched version of the package is available...
AZL-35901 CVE-2024-28180 affecting package packer for versions less than 1.9.5-6
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35855 CVE-2024-28180 affecting package packer for versions less than 1.9.5-8
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35669 CVE-2024-24786 affecting package packer for versions less than 1.9.5-3
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35592 CVE-2024-24786 affecting package packer for versions less than 1.9.5-4
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
CVE-2022-42717 affecting package packer for versions less than 1.8.7-1
CVE-2022-42717 affecting package packer for versions less than 1.8.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-0475 affecting package packer for versions less than 1.8.7-1
CVE-2023-0475 affecting package packer for versions less than 1.8.7-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45286 affecting package packer for versions less than 1.8.7-1
CVE-2023-45286 affecting package packer for versions less than 1.8.7-1. An upgraded version of the package is available that resolves this issue...
AZL-35098 CVE-2023-49569 affecting package packer for versions less than 1.9.5-1
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootO...
AZL-35095 CVE-2023-49568 affecting package packer for versions less than 1.9.5-1
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...