Important: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2022:4991 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

ALSA-2022:4991 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

Important: Red Hat Security Advisory: xz security update

An update for xz is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

xz security update

An update is available for xz. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list XZ Utils is an integrated collection of user-space file compression utilities base...

Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

ALSA-2022:4940 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: gzip:...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVE-2017-9104

An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered...

CLSA-2022-1652987360 Fixed CVE-2018-25032 in rsync

CVE-2018-25032: zlib: A flaw found in zlib when compressing not decompressing certain inputs...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

zlib: A flaw found in zlib when compressing (not decompressing) certain inputs

An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large number of distant matches crafted payloads, the buffer into which the compressed or deflated data is written...

Important: Red Hat Security Advisory: gzip security update

An update for gzip is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack)

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests...

Xpdf 安全漏洞

Xpdf is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A security vulnerability exists in Xpdf version 4.04, which stems from an excessive memory allocation when displaying well-designed input...

curl: CVE-2022-32206: HTTP compression denial of service

Summary: Curl does not prevent resource consumption when processing certain header types, but keeps on allocating more and more resources until the application terminates or the system crashes, see below. The attack vectors include at least: - Sending many Transfer-Encodingwith repeated encodings...

PT-2022-5561

Name of the Vulnerable Software and Affected Versions curl versions prior to 7.84.0 Description The issue concerns the support for "chained" HTTP compression algorithms in curl, where a server response can be compressed multiple times with different algorithms. A malicious server can exploit this...