Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub....
vom 652.51 Punkte Another Patch Tuesday is upon, and Adobe and Microsoft have released a bevy of new security updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for April 2022For April, Ad
vom 645.92 Punkte It’s the second Tuesday of the month, and the last second Tuesday before Black Hat and DEFCON, which means Microsoft and Adobe have released their latest security fixes. Take a break from packing (if you’re headed to hacker summer camp) or your nor
vom 449.12 Punkte Another Patch Tuesday is here, and Adobe and Microsoft have released their latest crop of new security updates and fixes. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for
vom 430.12 Punkte It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for
vom 427.09 Punkte Welcome to a Year 2022 wrap-up by Timothy Spann.
Best of 2022
I am responsible for spreading the good word of Apache Pulsar. I accomplish this by doing talks, meetups, articles, podcasts, videos, demos, repositories, newsletters, and other content.
NYC Area Apache Pulsar meetup has grown to over 648.https://www.meetup.com/new-york-city-apache-pulsar-m
vom 414.51 Punkte Ubuntu Security Notice USN-3415-1
13th September, 2017
tcpdump vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 17.04
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
Summary
Several security issues were fixe
vom 414.51 Punkte Ubuntu Security Notice USN-3415-2
13th September, 2017
tcpdump vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
Ubuntu 12.04 LTS
Summary
Several security issues were fixed in tcpdump
Software description
tcpdump
vom 390.49 Punkte Another Patch Tuesday is upon, and Adobe and Microsoft have released a bevy of new security updates. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for September 2022 For Sep
vom 389.72 Punkte It’s once again Patch Tuesday, which means the latest security updates from Adobe and Microsoft have arrived. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for
vom 353.16 Punkte It’s the second patch Tuesday of 2022, which means the latest security updates from Adobe and Microsoft are here. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.Adobe Patches for
vom 333.84 Punkte It’s the fifth second Tuesday of 2022, which also means it’s the also the fifth Patch Tuesday of the year, and it brings with it the latest security updates from Adobe and Microsoft. This is also the last release before Pwn2Own Vancouver, which means multiple participants will be holding their breath to see if their ex
vom 333.84 Punkte It’s the fifth second Tuesday of 2022, which also means it’s the also the fifth Patch Tuesday of the year, and it brings with it the latest security updates from Adobe and Microsoft. This is also the last release before Pwn2Own Vancouver, which means multiple participants will be holding their breath to see if their ex
