MGASA-2024-0363 - Updated libarchive packages fix security vulnerability

Publication date: 13 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0363.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-20696

A heap-based out-of-bounds write vulnerability was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed. (CVE-2024-20696)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33757
- https://lists.debian.org/debian-security-announce/2024/msg00220.html
- https://www.cve.org/CVERecord?id=CVE-2024-20696

SRPMS:
- 9/core/libarchive-3.6.2-5.3.mga9

Severity: Critical
LinuxSecurity.com Team

Package : zlib
Version : 1:1.2.8.dfsg-2+deb8u1
CVE ID  : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843

Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic.

For Debian 8 "Jessie", these problems have been fixed in version 1:1.2.8.dfsg-2+deb8u1.

We recommend that you upgrade your zlib packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-5882331351
2017-10-04 14:19:13.680314
--------------------------------------------------------------------------------

Name        : openvpn
Product     : Fedora 27
Version     : 2.4.4
Release     : 1.fc27
URL         :
Summary     : A full-featured SSL VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression.

--------------------------------------------------------------------------------
Update Information:

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option (CVE-2017-12166). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled library.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1'
        https://bugzilla.redhat.com/show_bug.cgi?id=1497109
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade openvpn' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-839
2005-09-06
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : perl-Compress-Zlib
Version     : 1.37
Release     : 1.fc3
Summary     : A module providing Perl interfaces to the zlib compression library.
Description :
The Compress::Zlib module provides a Perl interface to the zlib compression library. Most of the functionality provided by zlib is available in Compress::Zlib.

The module can be split into two general areas of functionality, namely in-memory compression/decompression and read/write access to gzip files.

---------------------------------------------------------------------
Update Information:

Some bug fixes so the amavis users stop complaining. =)
---------------------------------------------------------------------
* Fri Sep 2 2005 Steven Pritchard 1.37-1
- Update to 1.37 (#167471)

* Thu Mar 31 2005 Joe Orton 1.34-2
- really delete the .bs file per #152536

* Thu Mar 31 2005 Joe Orton 1.34-1
- update to 1.34; synch with Dag Wieers (#152536)
- BR zlib-devel (#137556)

* Wed Mar 30 2005 Warren Togami
- remove brp-compress

* Sat Mar 19 2005 Joe Orton 1.33-7
- rebuild

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------