Описание
Security update for zstd
This update for zstd to version 1.4.2 fixes the following issues:
Security issues fixed:
- CVE-2019-11922: Fixed race condition in one-pass compression functions that could allow out of bounds write (boo#1142941).
Non-security issues fixed:
- Added --[no-]compress-literals CLI flag to enable or disable literal compression.
- Added new --rsyncable mode.
- Added handling of -f flag to zstdgrep.
- Added CPU load indicator for each file on -vv mode.
- Changed --no-progress flag to preserve the final summary.
- Added new command --adapt for compressed network piping of data adjusted to the perceived network conditions.
Список пакетов
openSUSE Leap 15.1
libzstd-devel-1.4.2-lp151.3.3.1
libzstd-devel-static-1.4.2-lp151.3.3.1
libzstd1-1.4.2-lp151.3.3.1
libzstd1-32bit-1.4.2-lp151.3.3.1
zstd-1.4.2-lp151.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1845-1
- SUSE Security Ratings
- SUSE Bug 1082318
- SUSE Bug 1133297
- SUSE Bug 1142941
- SUSE CVE CVE-2019-11922 page
Описание
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Затронутые продукты
openSUSE Leap 15.1:libzstd-devel-1.4.2-lp151.3.3.1
openSUSE Leap 15.1:libzstd-devel-static-1.4.2-lp151.3.3.1
openSUSE Leap 15.1:libzstd1-1.4.2-lp151.3.3.1
openSUSE Leap 15.1:libzstd1-32bit-1.4.2-lp151.3.3.1
Ссылки
- CVE-2019-11922
- SUSE Bug 1142941