[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
From: Kristian Fiskerstrand
Subject: [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Date: Fri, 27 Jun 2014 16:06:25 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
URL:
<http://savannah.gnu.org/bugs/?42635>
Summary: minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Project: GNU GRUB
Submitted by: kristianf
Submitted on: Fri 27 Jun 2014 04:06:24 PM GMT
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: None
Planned Release: None
_______________________________________________________
Details:
Hi,
A security issue was raised[0] regarding the implementation of LZO, which is fixed
in Oberhumer's LZO version 2.07 and allocated CVE-2014-4607. Further, it is
suggested that grub might be affected by this vulnerability by embedding a
version of the affected code (minilzo)[1]. It would be appreciated to get a
comment on the applicability and a possible fix for this issue.
References:
[0] http://seclists.org/oss-sec/2014/q2/665
[1] http://seclists.org/oss-sec/2014/q2/676