Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-11035

Опубликовано: 14 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-11035: lz4 security update (MODERATE)

[1.8.3-5]

  • Fix a renamed variable in one of the patches
  • Since the variable was used in an assert, the regular build did not fail, but the QA builds did.
  • Related: RHEL-87362

[1.8.3-4]

  • Fix CVE-2019-17543
  • Resolves: RHEL-87362

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

lz4

1.8.3-5.el8_10

lz4-devel

1.8.3-5.el8_10

lz4-libs

1.8.3-5.el8_10

Oracle Linux x86_64

lz4

1.8.3-5.el8_10

lz4-devel

1.8.3-5.el8_10

lz4-libs

1.8.3-5.el8_10

Связанные CVE

Связанные уязвимости

CVSS3: 8.1
ubuntu
почти 6 лет назад

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

CVSS3: 8.1
redhat
около 6 лет назад

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

CVSS3: 8.1
nvd
почти 6 лет назад

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

CVSS3: 8.1
debian
почти 6 лет назад

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela ...

suse-cvrf
почти 6 лет назад

Security update for lz4