openSUSE-SU-2021:0760-1

Опубликовано: 22 мая 2021

Источник: suse-cvrf

Описание

Security update for lz4

This update for lz4 fixes the following issues:

CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

liblz4-1-1.8.0-lp152.5.3.1

liblz4-1-32bit-1.8.0-lp152.5.3.1

liblz4-devel-1.8.0-lp152.5.3.1

lz4-1.8.0-lp152.5.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y6JSYGHG2J4E7C5MDUDUDEILIMZKTM7H/
E-Mail link for openSUSE-SU-2021:0760-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1185438
SUSE Bug 1185438
https://www.suse.com/security/cve/CVE-2021-3520/
SUSE CVE CVE-2021-3520 page

Описание

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Затронутые продукты

openSUSE Leap 15.2:liblz4-1-1.8.0-lp152.5.3.1

openSUSE Leap 15.2:liblz4-1-32bit-1.8.0-lp152.5.3.1

openSUSE Leap 15.2:liblz4-devel-1.8.0-lp152.5.3.1

openSUSE Leap 15.2:lz4-1.8.0-lp152.5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3520.html
CVE-2021-3520
https://bugzilla.suse.com/1185438
SUSE Bug 1185438

openSUSE-SU-2021:0760-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-3520

Описание

Затронутые продукты

Ссылки