EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2362)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...

SUSE-SU-2026:2118-1 Security update for xz

This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...

OPENSUSE-SU-2026:20813-1 Security update for xz

This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...

SUSE-SU-2026:2051-1 Security update for xz

This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...

openSUSE 16 Security Update : sbctl (openSUSE-SU-2026:20105-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20105-1 advisory. Changes in sbctl: - Upgrade the embedded golang.org/x/net to 0.46.0 Fixes: bsc1251399, CVE-2025-47911: various algorithms with quadratic...

TencentOS Server 4: buildah (TSSA-2025:0726)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0726 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

...

AZL-66716 CVE-2025-58058 affecting package podman 4.1.1-26

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66762 CVE-2025-58058 affecting package skopeo for versions less than 1.14.4-6

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66723 CVE-2025-58058 affecting package cri-o for versions less than 1.22.3-16

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66753 CVE-2025-58058 affecting package jx for versions less than 3.10.182-3

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66731 CVE-2025-58058 affecting package podman for versions less than 5.6.1-2

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66720 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66725 CVE-2025-58058 affecting package buildah for versions less than 1.41.4-2

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66759 CVE-2025-58058 affecting package packer for versions less than 1.9.5-10

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66713 CVE-2025-58058 affecting package buildah 1.18.0-29

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66747 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.57.0-16

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

AZL-66741 CVE-2025-58058 affecting package packer for versions less than 1.9.5-15

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

UBUNTU-CVE-2025-58058

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...

Linux Distros Unpatched Vulnerability : CVE-2021-29482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format...