Gentoo Linux Security Advisory 202406-4 - A vulnerability has been discovered in LZ4, which can lead to memory corruption. Versions greater than or equal to 1.9.3-r1 are affected.
5a00e99e4ec518f24201acea96a1dcb4d6db6416194728731ef2a786a76bf4efRed Hat Security Advisory 2024-3527-03 - Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Issues addressed include buffer overflow, denial of service, integer overflow, memory leak, and resource exhaustion vulnerabilities.
f7976b8e170be546f0ae90244875124b0d4dbae1498c74c776b4c1380ae64a0dRed Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.
cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3edRed Hat Security Advisory 2022-5606-01 - Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. Issues addressed include denial of service, information leakage, integer overflow, and privilege escalation vulnerabilities.
dc00a749e0b4c6ee427da00d44b03fca53eed4fa1eb09b83c101256de02ba0a5Red Hat Security Advisory 2022-1345-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.1.0 serves as a replacement for Red Hat AMQ Streams 2.0.1, and includes security and bug fixes, and enhancements. Issues addressed include HTTP request smuggling and integer overflow vulnerabilities.
ad7d0a5ea3bd59034ab1fa1bef28c21800f686847ce75f83e41e3e7a012f895fRed Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.
fa8792e889cba4980e5e69cc42c59e3108310c2072dfb34fffb0c3a8644d9099Red Hat Security Advisory 2021-3229-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a memory exhaustion vulnerability.
855f8fa5e01d305ef13937df9247a604cc0ed4b9b9ccdef5d43c215066cd4f69Red Hat Security Advisory 2021-3024-01 - Red Hat OpenShift distributed tracing is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a denial of service vulnerability.
1c8f6df36ae49d885688d7f147871495821ee391dfed98793abf0c2fb210ca0cRed Hat Security Advisory 2021-2575-01 - The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Issues addressed include an integer overflow vulnerability.
56200e1297739d51f029479c4df5d861c1dec1d8099410e52b614d7cacdcb6d9Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
82af8b5f2df1dbee5f397fdec283ce1312ffcfd090e73923701d2913c7d88366Debian Linux Security Advisory 4919-1 - Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a fast LZ compression algorithm library, resulting in memory corruption.
41bb61b640cc01e826c9c253f58731d34427a40e6f793f86f7d008054e749c91Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.
836e6f2c1fadbf1f7e75b0617c9bff905779ac807e186968f98c72a2f7cf62a7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed