openSUSE Security Update : spectre-meltdown-checker (openSUSE-2019-2710)

This update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection CVE-2019-11135 bsc1139073 - feat: implement MCEPSC / iTLB Multihit detection CVE-2018-12207 bsc1117665 - feat: taa: add TSXCTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub...

CVE-2019-16535

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...

CVE-2019-16535

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...

Integer overflow

In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...

OPENSUSE-SU-2019:2632-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

OPENSUSE-SU-2019:2615-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2019:3093-1)

This update for libarchive fixes the following issues : Security issues fixed : CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2632-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...

Security update for libarchive (moderate)

openSUSE Security Update: Security update for libarchive Announcement ID: openSUSE-SU-2019:2615-1 Rating: moderate References: 1120653 1120654 1124341 1124342 1155079 Cross-References: CVE-2018-1000877 CVE-2018-1000878 CVE-2019-1000019 CVE-2019-1000020 CVE-2019-18408 Affected Products: openSUSE...

NewStart CGSL CORE 5.04 / MAIN 5.04 : libmspack Multiple Vulnerabilities (NS-SA-2019-0217)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libmspack packages installed that are affected by multiple vulnerabilities: - An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity...

SUSE-SU-2019:3093-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

SUSE-SU-2019:3092-1 Security update for libarchive

This update for libarchive fixes the following issues: Security issues fixed: - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder bsc1120653. - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder bsc1120654. - CVE-2019-1000019: Fixed an Out-Of-Bounds Read...

CVE-2011-2897

gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw...

MS10-033: Vulnerabilities in Media Decompression could allow remote code execution

Resolves vulnerabilities in Microsoft Windows that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a website or any application that delivers web content.INTRODUCTIONMicrosoft has released security bulletin...

Command injection

An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...

Fedora Update for suricata FEDORA-2019-fddfb520ec

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 29 Update: suricata-4.1.5-3.fc29

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

[SECURITY] Fedora 30 Update: suricata-4.1.5-3.fc30

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

XNU - Remote Double-Free via Data Race in IPComp Input Path

XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...

The vulnerability of the zlib_decompress_extra function in the VideoLAN VLC media player allows a hacker to access confidential data after decompression, potentially compromising the integrity of those data and causing service failures.

The vulnerability of the zlibdecompressextra function in the VideoLAN VLC media player involves its use after decompression. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...