openSUSE-SU-2019:2399-1

Опубликовано: 28 окт. 2019

Источник: suse-cvrf

Описание

Security update for lz4

This update for lz4 fixes the following issues:

CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

liblz4-1-1.8.0-lp151.3.3.1

liblz4-1-32bit-1.8.0-lp151.3.3.1

liblz4-devel-1.8.0-lp151.3.3.1

lz4-1.8.0-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WYYDWMO34OK7XA7H4QNW6VMAS3LHI33N/#WYYDWMO34OK7XA7H4QNW6VMAS3LHI33N
E-Mail link for openSUSE-SU-2019:2399-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1153936
SUSE Bug 1153936
https://www.suse.com/security/cve/CVE-2019-17543/
SUSE CVE CVE-2019-17543 page

Описание

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Затронутые продукты

openSUSE Leap 15.1:liblz4-1-1.8.0-lp151.3.3.1

openSUSE Leap 15.1:liblz4-1-32bit-1.8.0-lp151.3.3.1

openSUSE Leap 15.1:liblz4-devel-1.8.0-lp151.3.3.1

openSUSE Leap 15.1:lz4-1.8.0-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17543.html
CVE-2019-17543
https://bugzilla.suse.com/1153936
SUSE Bug 1153936
https://bugzilla.suse.com/1188549
SUSE Bug 1188549

openSUSE-SU-2019:2399-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-17543

Описание

Затронутые продукты

Ссылки