6 matches found
EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2022-2921)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parsetagandwiretype in...
Amazon Linux AMI : rsync (ALAS-2022-1640)
The version of rsync installed on the remote host is prior to 3.0.6-12.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1640 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input ha...
OESA-2022-1892 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: zlib through 1.2.12 has a heap-based buffer over-read or buff...
AZL-42760 CVE-2022-37434 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
AZL-44991 CVE-2022-37434 affecting package fltk 1.3.8-1
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call...
AZL-44919 CVE-2018-25032 affecting package gpsbabel 1.8.0-4
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...