MGASA-2026-0145 Updated firefox & thunderbird packages fix security vulnerabilities

LZ4 compression library issue. CVE-2025-62813 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-2708)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2708 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...

EUVD-2014-4543

Malware in sbrugna...

EUVD-2014-8591

Malware in sbrugna...

EUVD-2025-32515

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

EUVD-2025-8093

Malicious code in bioql PyPI...

USN-5495-2: curl regression

USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205 miscalculated the maximum cookie size, causing a regression. This update fixes the problem. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this...

USN-5495-2 curl regression

USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205 miscalculated the maximum cookie size, causing a regression. This update fixes the problem. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this...

go-toolset:ol8 security update

delve 1.24.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev golang 1.23.9-1 - Update to Go 1.23.9 - Resolves: RHEL-94636 go-toolset 1.23.9-1 - Update to Go 1.23.9 - Resolves: RHEL-94636...

CVE-2021-43304

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopyop, ip, copyend, don’t exceed the destination buffer’s limits...

CVE-2025-27832

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c...

CVE-2025-27832

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c...

CVE-2024-57923 btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path

In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length passed to zlibcompressfolios can be arbitrary, always setting strm.availin to a multiple of PAGESIZE may cause read-in bytes to exceed t...

CVE-2024-55628 Suricata oversized resource names utilizing DNS name compression can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-2943)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2024-27629

An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly escaped and injected into a system call when certain types of compression are used...

NetScaler ns.log Files not Compressed NSCALLHOME-252

Issue : ns.log Files not Compressed root@ns cat /etc/newsyslog.conf | grep ns.log /var/log/ns.log 600 25 $D00 Z...

SUSE-SU-2022:2327-2 Security update for curl

This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service bsc1200735 - CVE-2022-32208: FTP-KRB bad message verification bsc1200737...

Security advisory: Recently reported zlib compression issue impacts Qt

zlib has recently reported that it has a security issue when deflating which could cause memory corruption if the input has many distant matches. This is reported in a bit more detail here: and has been assigned the CVE id CVE-2018-25032. This has been fixed in an update to zlib 1.2.12 This affec...