openSUSE-SU-2021:1825-1

Опубликовано: 10 июл. 2021

Источник: suse-cvrf

Описание

Security update for lz4

This update for lz4 fixes the following issues:

CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

Список пакетов

openSUSE Leap 15.3

liblz4-1-1.9.2-3.3.1

liblz4-1-32bit-1.9.2-3.3.1

liblz4-devel-1.9.2-3.3.1

lz4-1.9.2-3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MA4LQPPDXUEKHDKVDM24RJVHSV2EC67P/
E-Mail link for openSUSE-SU-2021:1825-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1185438
SUSE Bug 1185438
https://www.suse.com/security/cve/CVE-2021-3520/
SUSE CVE CVE-2021-3520 page

Описание

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Затронутые продукты

openSUSE Leap 15.3:liblz4-1-1.9.2-3.3.1

openSUSE Leap 15.3:liblz4-1-32bit-1.9.2-3.3.1

openSUSE Leap 15.3:liblz4-devel-1.9.2-3.3.1

openSUSE Leap 15.3:lz4-1.9.2-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3520.html
CVE-2021-3520
https://bugzilla.suse.com/1185438
SUSE Bug 1185438

openSUSE-SU-2021:1825-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-3520

Описание

Затронутые продукты

Ссылки