5 matches found
Security update for warewulf4
This update for warewulf4 fixes the following issues: Update to version 4.6.4. Security issues fixed: CVE-2025-58058: xz: excessive memory consuption when unpacking a large number of corrupted LZMA archives bsc1248906. Other issues fixed: Convert disk booleans from wwbool to bool which allows boo...
GO-2025-3922 Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz
Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz...
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
...
CVE-2025-58058
CVE-2025-58058 — xz (Go) memory allocation issue : The xz library (Go implementation) prior to 0.5.14 can allocate the full LZMA decoding buffer immediately after reading the header, before detecting improper data prepending to the stream. The LZMA header lacks a mandatory magic/checksum to catch...
PT-2014-8957 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: Docker version 1.3.2 Description: The issue allows remote attackers to execute arbitrary code with root privileges. This can be achieved via a crafted image or build in a Dockerfile, specifically when the image or build is contained in an LZM...