20 matches found
ALSA-2025:0925 Moderate: bzip2 security update
The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. Security Fixes: bzip2: bzip2: Data integrity error when decompressing with data integrity test...
XZ Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer--weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica:...
lrzip Denial of Service Vulnerability (CNVD-2022-76502)
lrzip is a compression utility. lrzip v0.651 contains a denial of service vulnerability that originates in getmagic in lrzip.c and Predictor::init function in libzpaq/libzpaq.cpp, which can be exploited by attackers to cause a denial of service impact...
gzip security update
An update is available for gzip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gzip packages contain the gzip (GNU zip) data compression utility. gzip is use...
lrzip Use-After-Free Vulnerability
lrzip is a compression utility that excels at compressing large files. A use-after-free vulnerability exists in the lzmadecompressbuf function in stream.c in lrzip version 0.631, which can be exploited by an attacker to cause a denial of service via specially crafted compressed files...
Debian DLA-2573-1 : libzstd security update
It was discovered that zstd, a compression utility, was vulnerable to a race condition: it temporarily exposed, during a very short timeframe, a world-readable version of its input even if the original file had restrictive permissions. For Debian 9 stretch, this problem has been fixed in version...
[SECURITY] [DLA 2573-1] libzstd security update
Debian LTS Advisory DLA-2573-1; https://www.debian.org/lts/security/; Utkarsh Gupta; February 20, 2021; https://wiki.debian.org/LTS ...
[SECURITY] [DSA 4859-1] libzstd security update
Debian Security Advisory DSA-4859-1; https://www.debian.org/security/; Sebastien Delafond; February 20, 2021; https://www.debian.org/security/faq ...
[SECURITY] Fedora 30 Update: pxz-4.999.9-19.beta.20200421git.fc30
Parallel XZ is a compression utility that takes advantage of running XZ compression simultaneously on different parts of an input file on multiple cores and processors. This significantly speeds up compression time...
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos. Introduction: In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of...
[SECURITY] Fedora 25 Update: bzip2-1.0.6-21.fc25
Bzip2 is a freely available, patent-free, high quality data compressor. Bzip2 compresses files to within 10 to 15 percent of the capabilities of the best techniques available. However, bzip2 has the added benefit of being approximately two times faster at compression and six times faster at...
[SECURITY] Fedora 13 Update: bzip2-1.0.6-1.fc13
Bzip2 is a freely available, patent-free, high quality data compressor. Bzip2 compresses files to within 10 to 15 percent of the capabilities of the best techniques available. However, bzip2 has the added benefit of being approximately two times faster at compression and six times faster at...
FreeBSD Security Advisory (FreeBSD-SA-05:14.bzip2.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:14.bzip2.asc. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft...
[SECURITY] Fedora 8 Update: bzip2-1.0.4-13.fc8
Bzip2 is a freely available, patent-free, high quality data compressor. Bzip2 compresses files to within 10 to 15 percent of the capabilities of the best techniques available. However, bzip2 has the added benefit of being approximately two times faster at compression and six times faster at...
CVE-2005-2856
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421,...
CVE-2005-2856
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421,...
CVE-2005-2856
CVE-2005-2856 describes a stack-based buffer overflow in the WinACE UNACEV2.DLL used by many products (e.g., ALZip, Total Commander, IZArc, BitZipper, UltimateZip, etc.). The flaw occurs when extracting an ACE archive with an overly long filename, allowing user-assisted attackers to execute arbit...
KLA10311 ACE vulnerability in multiple software
A buffer overflow was found in the WinACE compression utility, which is used in multiple products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ACE filename. Original advisories - Related product...
FreeBSD-SA-05:14.bzip2
FreeBSD-SA-05:14.bzip2 Security Advisory, The FreeBSD Project. Topic: bzip2 denial of service and permission race vulnerabilities. Category: contrib. Module: contribbzip2...
FreeBSD-SA-05:11.gzip
FreeBSD-SA-05:11.gzip Security Advisory, The FreeBSD Project. Topic: gzip directory traversal and permission race vulnerabilities. Category: contrib. Module: gzip. Announced:...