
333 matches found

OSV · added 2022/01/24 9:03 a.m. · 22 views

RLSA-2022:0185 Moderate: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF files in...

CVSS 5.3 · AI score 6.2 · EPSS 0.05612
Exploits 0 · References 16
RedHat Linux · added 2022/01/19 10:05 a.m. · 2 views

OpenJDK: Excessive memory allocation in TIFF*Decompressor (ImageIO, 8274096)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.4 · EPSS 0.01201
Exploits 0 · References 4
RedHat Linux · added 2021/08/25 9:37 a.m. · 2 views

envoyproxy/envoy: denial of service when using extensions that modify request or response sizes

An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This...

CVSS 8.6 · AI score 5.8 · EPSS 0.00073
Exploits 0 · References 5
RedhatCVE · added 2021/08/24 10:14 p.m. · 46 views

CVE-2021-32781

An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This...

CVSS 8.6 · AI score 3.1 · EPSS 0.00073
Exploits 0 · References 4
Cvelist · added 2021/08/24 8:50 p.m. · 19 views

CVE-2021-32781 Continued processing of requests after locally generated response

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the intern...

CVSS 8.6 · AI score 8.8 · EPSS 0.00073
Exploits 0 · References 2
Positive Technologies · added 2021/08/24 12:00 a.m. · 5 views

PT-2021-19927 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.19.1 Envoy versions prior to 1.18.4 Envoy versions prior to 1.17.4 Envoy versions prior to 1.16.5 Description: Envoy is an open source L7 proxy and communication bus designed for large modern service-oriented...

CVSS 8.6 · AI score 8 · EPSS 0.00073
Exploits 0 · References 13
OSV · added 2020/11/24 11:15 a.m. · 1 view

UBUNTU-CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB...

CVSS 7.5 · AI score 7.1 · EPSS 0.00478
Exploits 0 · References 4
OpenVAS · added 2020/10/11 12:00 a.m. · 26 views

Fedora: Security Advisory for golang-github-andybalholm-brotli (FEDORA-2020-e21bd401ad)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 · AI score 7 · EPSS 0.0031
Exploits 0 · References 2
Fedora · added 2020/10/10 10:07 p.m. · 26 views

[SECURITY] Fedora 31 Update: golang-github-andybalholm-brotli-1.0.1-1.fc31

This package is a brotli compressor and decompressor implemented in Go. It was translated from the reference implementation https://github.com/google/brotli with the c2go tool at https://github.com/andybalholm/c2go...

CVSS 6.5 · AI score 0.7 · EPSS 0.0031
Exploits 0
Fedora · added 2020/10/10 9:59 p.m. · 31 views

[SECURITY] Fedora 32 Update: golang-github-andybalholm-brotli-1.0.1-1.fc32

This package is a brotli compressor and decompressor implemented in Go. It was translated from the reference implementation https://github.com/google/brotli with the c2go tool at https://github.com/andybalholm/c2go...

CVSS 6.5 · AI score 0.7 · EPSS 0.0031
Exploits 0
Fedora · added 2020/10/06 12:17 a.m. · 24 views

[SECURITY] Fedora 33 Update: golang-github-andybalholm-brotli-1.0.1-1.fc33

This package is a brotli compressor and decompressor implemented in Go. It was translated from the reference implementation https://github.com/google/brotli with the c2go tool at https://github.com/andybalholm/c2go...

CVSS 6.5 · AI score 0.7 · EPSS 0.0031
Exploits 0
OpenVAS · added 2020/10/06 12:00 a.m. · 13 views

Fedora: Security Advisory for golang-github-andybalholm-brotli (FEDORA-2020-22d278923a)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 · AI score 7 · EPSS 0.0031
Exploits 0 · References 2
UbuntuCve · added 2020/06/29 9:15 p.m. · 29 views

CVE-2020-15389

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

CVSS 6.5 · AI score 6.9 · EPSS 0.00718
Exploits 0 · References 5
Prion · added 2020/06/29 9:15 p.m. · 31 views

Double free

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

CVSS 5.8 · AI score 7.2 · EPSS 0.00718
Exploits 0 · References 7 · Affected Software 3
CVE · added 2020/06/29 8:30 p.m. · 270 views

CVE-2020-15389

OpenJPEG up to 2.3.1 is affected by CVE-2020-15389: a use-after-free (and possible double-free) in jp2/opj_decompress.c when a directory contains a mix of valid and invalid files processed by the decompressor. The issue can crash the application or enable memory corruption; it is fixed in OpenJPE...

CVSS 6.5 · AI score 7.1 · EPSS 0.00718
Exploits 0 · References 7 · Affected Software 1
Debian CVE · added 2020/06/29 8:30 p.m. · 30 views

CVE-2020-15389

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

CVSS 6.5 · AI score 6.6 · EPSS 0.00718
Exploits 0
Cvelist · added 2020/06/29 8:30 p.m. · 21 views

CVE-2020-15389

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice...

AI score 7.3 · EPSS 0.00718
Exploits 0 · References 7
Veracode · added 2020/04/10 1:07 a.m. · 69 views

Remote Code Execution (RCE)

cups is vulnerable to remote code execution (RCE). The attack exists because of the LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS...

CVSS 5.1 · AI score 3.3 · EPSS 0.07216
Exploits 0 · References 34 · Affected Software 1
OpenVAS · added 2020/01/23 12:00 a.m. · 38 views

Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 7.1 · EPSS 0.07018
Exploits 0 · References 2
Tenable Nessus · added 2019/10/25 12:00 a.m. · 46 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in bzip2 (3c7edc7a-f680-11e9-a87f-a4badb2f4699)

The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2 file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2 file. Impact : An attacker who can cause...

CVSS 9.3 · AI score 8.1 · EPSS 0.30341
Exploits 0 · References 3