CVE-2025-24928
OL CVE Issue Summary:
Stack-based buffer overflow in `xmlSnprintfElements` in `valid.c`.
To exploit this, DTD validation must occur for an untrusted document or untrusted DTD.
NOTE: This is similar to CVE-2017-9047.
OL CVE Issue Summary:
`cvtClump()` in rgb2ycbcr in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the `-v` option to `-1`. `_TIFFFax3fillruns()` in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image. `DumpModeDecode()` could be exploited to cause a denial of service via a crafted TIFF image. A heap-based buffer overflow exists in `t2p_write_pdf()` in `tools/tiff2pdf.c`. This heap overflow could lead to various kinds of damage. For example, a crafted TIFF document can lead to an out-of-bounds read in `TIFFCleanup()`, an invalid free in `TIFFClose()` or `t2p_free()`, memory corruption in `t2p_readwrite_pdf_image()`, or a double free in `t2p_free()`. Given these possibilities, it could probably result in arbitrary code execution. A further issue affects `TIFFReadRGBATileExt()` in `libtiff/tif_getimage.c`, where the manipulation leads to an integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public. The identifier VDB-213549 was assigned to this vulnerability.
`c-ares` is an asynchronous resolver library. `ares_inet_net_pton()` is vulnerable to a buffer underflow for certain IPv6 addresses; in particular, `0::00:00:00/2` was found to cause an issue. `c-ares` only uses this function internally for configuration purposes, which would require an administrator to configure such an address via `ares_set_sortlist()`. However, users may externally use `ares_inet_net_pton()` for other purposes and thus be vulnerable to more severe issues.