corosync bug fix and enhancement update

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Bug Fixes and Enhancements: corosync crash with compression enabled BZ1951049...

RLSA-2021:1702 Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

ALSA-2021:1702 Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

Moderate: brotli security update

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It...

Debian DLA-2657-1 : lz4 security update

It was discovered that there was a potential memory corruption vulnerability in the lz4 compression algorithm library. For Debian 9 'Stretch', this problem has been fixed in version 0.0r131-2+deb9u1. We recommend that you upgrade your lz4 packages. For the detailed security status of lz4 please...

PT-2024-11090 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc1-custom 1 Description: The issue is caused by a race condition between truncate and overwrite operations in the f2fs compress functionality. This can lead to a situation where a page is detached from t...

SSL/TLS: BREACH attack against HTTP compression

SSL/TLS connections are vulnerable to the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.117414"...

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

DjVu has an out-of-bounds read vulnerability

DjVu an image compression technique that has evolved into one of the standard image document formats. DjVu suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to cause a program to crash...

[SECURITY] Fedora 32 Update: p7zip-16.02-20.fc32

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

[SECURITY] Fedora 32 Update: openvpn-2.4.11-1.fc32

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

Format string

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

CVE-2021-29482 affects the Go xz library (github.com/ulikunitz/xz) used to read xz containers. The issue is in readUvarint where crafted input can cause the loop to fail to terminate, potentially enabling a denial of service. The vulnerability has been fixed in release v0.5.8; a practical workaro...

CVE-2021-29482 denial of service in github.com/ulikunitz/xz

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

CVE-2021-29482

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. The problem has been fixed in release v0.5.8. As a workaround users can limit the size o...

Unbound Infinite Loop Vulnerability

Unbound is a DNS resolver that supports validation, recursion, and caching features. An infinite loop vulnerability exists in dnamepktcopy in Unbound versions prior to 1.9.5. An attacker can exploit this vulnerability by compressing names to cause an infinite loop...

[SECURITY] Fedora 34 Update: p7zip-16.02-20.fc34

p7zip is a port of 7za.exe for Unix. 7-Zip is a file archiver with a very h igh compression ratio. The original version can be found at http://www.7-zip.or g/...

UBUNTU-CVE-2019-25041

Unbound before 1.9.5 allows an assertion failure via a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...