4 matches found
OESA-2024-1769 golang security update
The Go Programming Language. Security Fixes: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading t...
GSD-2022-1000217 ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.99 by commit...
Debian DLA-1555-1 : libmspack security update
CVE-2018-18584: Fixing the size of the CAB block input buffer, which is too small for the maximal Quantum block, prevents an out-of-bounds write. CVE-2018-18585: Blank filenames (those having length zero, or whose 1st or 2nd byte is null) should be rejected. For Debian 8 'Jessie', these problems have been...
scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...