Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Debian: DSA-2074-1 Critical: Ncompress Integer Underflow Code Execution

------------------------------------------------------------------------
Debian Security Advisory DSA-2074-1
http://www.debian.org/security/                       Giuseppe Iuculano
July 21, 2010                        http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : ncompress
Vulnerability  : integer underflow
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0001

Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive.

For the stable distribution (lenny), this problem has been fixed in version 4.2.4.2-1+lenny1.

For the testing (squeeze) and unstable (sid) distribution, this problem has been fixed in version 4.2.4.3-1.

We recommend that you upgrade your ncompress package.

Upgrade instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

LinuxSecurity.com Team

Jul 21, 2010 | Critical | Debian

Gentoo: GLSA-200610-03 Critical: Ncompress Buffer Underflow Advisory

Subject: [ GLSA 200610-03 ] ncompress: Buffer Underflow

LinuxSecurity.com Team

Oct 10, 2006 | Critical | Gentoo

Scientific Linux 40,41,42,43: CVE-2006-1168 Low Severity ncompress Issue

Date: Wed, 13 Sep 2006 16:04:19 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA for "ncompress" on SL 40,41,42,43 i386,x86_64 now available
Comments: To: scientific

The ERRATA for SL 40,41,42,43 i386 x86_64 are now available from:

Synopsis: Updated ncompress packages that address a security issue and fix bugs are now available
Severity: low
Issued on: 2006-09-12
CVEs: CVE-2006-1168

SRPMS
    ncompress-4.2.4-43.rhel4.src.rpm

i386
    ncompress-4.2.4-43.rhel4.i386.rpm

x86_64
    ncompress-4.2.4-43.rhel4.x86_64.rpm

--Connie Sieh
--Troy Dawson

LinuxSecurity.com Team

Sep 13, 2006 | Low | Scientific Linux

Scientific Linux: 2006-1168 Low Severity: Ncompress Security Fix

Date: Wed, 13 Sep 2006 15:03:34 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: ERRATA "ncompress" for SL 301,302,303,304,305,307 i386,x86_64 now available
Comments: To: scientific

The following ERRATA for SL 301,302,303,304,305,307 i386,x86_64 are now available from:

Synopsis: Updated ncompress packages that address a security issue and fix bugs are now available
Severity: low
Issued on: 2006-09-12
CVEs: CVE-2006-1168

SRPMS
    ncompress-4.2.4-39.rhel3.src.rpm

i386
    ncompress-4.2.4-39.rhel3.i386.rpm

x86_64
    ncompress-4.2.4-39.rhel3.x86_64.rpm

-Connie Sieh
-Troy Dawson

LinuxSecurity.com Team

Sep 13, 2006 | Low | Scientific Linux

Debian: DSA 1149-1 Critical: Ncompress Buffer Underflow Risk

--------------------------------------------------------------------------
Debian Security Advisory DSA 1149-1
http://www.debian.org/security/                             Martin Schulze
August 10th, 2006                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : ncompress
Vulnerability  : buffer underflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-1168

Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.

For the stable distribution (sarge) this problem has been fixed in version 4.2.4-15sarge2.

For the unstable distribution (sid) this problem has been fixed in version 4.2.4-15sarge2.

We recommend that you upgrade your ncompress package.

Upgrade Instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

--------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

LinuxSecurity.com Team

Aug 10, 2006 | Critical | Debian

Red Hat Enterprise Linux 2.1: Critical Buffer Overflow in Ncompress Alert

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated ncompress package fixes security issue and bug.
Advisory ID: RHSA-2004:536-01
Advisory URL: https://access.redhat.com/errata/RHSA-2004:536.html
Issue date: 2004-12-13
Updated on: 2004-12-13
Product: Red Hat Enterprise Linux
CVE Names: CAN-2001-1413
---------------------------------------------------------------------

1. Summary:

An updated ncompress package that fixes a buffer overflow and problem in the handling of files larger than 2 GB is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The ncompress package contains the compress and uncompress file compression and decompression utilities, which are compatible with the original UNIX compress utility (.Z file extensions).

A bug in the way ncompress handles long filenames has been discovered. ncompress versions 4.2.4 and earlier contain a stack based buffer overflow when handling very long filenames. It is possible that an attacker could execute arbitrary code on a victims machine by tricking the user into decompressing a carefully crafted filename. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-1413 to this issue.

This updated ncompress package also fixes a problem in the handling of files larger than 2 GB.

All users of ncompress should upgrade to this updated package, which contains fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

126776 - [RHEL2.1] compress does not work if the file size is greater than 2GB
136661 - CAN-2001-1413 Stack-based buffer overflow in the comprexx function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
    SRPMS: ncompress-4.2.4-37.src.rpm
    i386: ncompress-4.2.4-37.i386.rpm
    ia64: ncompress-4.2.4-37.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
    SRPMS: ncompress-4.2.4-37.src.rpm
    ia64: ncompress-4.2.4-37.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
    SRPMS: ncompress-4.2.4-37.src.rpm
    i386: ncompress-4.2.4-37.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
    SRPMS: ncompress-4.2.4-37.src.rpm
    i386: ncompress-4.2.4-37.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

7. References:

http://www.kb.cert.org/vuls/id/176363
https://www.cve.org/CVERecord?id=CAN-2001-1413

8. Contact:

The Red Hat security contact is . More contact details at

Copyright 2004 Red Hat, Inc.

LinuxSecurity.com Team

Dec 14, 2004 | Critical | Red Hat

Gentoo: 200410-08 Critical: Ncompress Buffer Overflow Issue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200410-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: ncompress: Buffer overflow
Date: October 09, 2004
Bugs: #66251
ID: 200410-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.

Background
==========

ncompress is a utility handling compression and decompression of Lempel-Ziv archives, compatible with the original *nix compress and uncompress utilities (.Z extensions).

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-arch/ncompress = 4.2.4-r1

Description
===========

compress and uncompress do not properly check bounds on command line options, including the filename. Large parameters would trigger a buffer overflow.

Impact
======

By supplying a carefully crafted filename or other option, an attacker could execute arbitrary code on the system. A local attacker could only execute code with his own rights, but since compress and uncompress are called by various daemon programs, this might also allow a remote attacker to execute code with the rights of the daemon making use of ncompress.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ncompress users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=app-arch/ncompress-4.2.4-r1"
    # emerge ">=app-arch/ncompress-4.2.4-r1"

References
==========

[ 1 ] US-CERT Vulnerability Note VU#176363
      http://www.kb.cert.org/vuls/id/176363

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200410-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

LinuxSecurity.com Team

Oct 09, 2004 | Critical | Gentoo