MiracleLinux 8 : java-17-openjdk-17.0.12.0.7-2.el8 (AXSA:2024-8579:12)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8579:12 advisory. OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK:...

libsoup security update

2.62.2-2.0.7 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 2.62.2-2.0.5 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 Orabug: 38085184 - CVE-2025-32906 CVE-2025-32911 CVE-2025-32913 CVE-2025-32914 2.62.2-2.0.3 - Fixed CVE-2024-52531 buffer overflow via UTF-8 conversi...

CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...

SUSE-SU-2025:20105-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285. - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292. - CVE-2024-52532: Fixed...

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

OESA-2024-2471 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations...

CLSA-2024-1726058957 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs: - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: Infinite loop vunlerability in SymbolTable - CVE-2024-21140: Int overflow/underflow in Range Check Elimination RCE - CVE-2024-21144: Invalid header...

CLSA-2024-1723623068 java-1.8.0-openjdk: Fix of 6 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u422-b05. That fixes following CVEs: - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: Infinite loop vunlerability in SymbolTable - CVE-2024-21140: Int overflow/underflow in Range Check Elimination RCE - CVE-2024-21144: Invalid header...

OpenJDK: potential UTF8 size overflow (8314794)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

OpenJDK: potential UTF8 size overflow (8314794)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....