Synopsis: Moderate: lzo security update
Advisory ID: SLSA-2014:0861-2
Issue Date: 2014-07-09
CVE Numbers: CVE-2014-4607
—
An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to
crash or, potentially, execute arbitrary code. (CVE-2014-4607)
For the update to take effect, all services linked to the lzo library must
be restarted or the system rebooted.
—
SL6
x86_64
lzo-2.03-3.1.el6_5.1.i686.rpm
lzo-devel-2.03-3.1.el6_5.1.i686.rpm
lzo-2.03-3.1.el6_5.1.x86_64.rpm
lzo-minilzo-2.03-3.1.el6_5.1.x86_64.rpm
lzo-devel-2.03-3.1.el6_5.1.x86_64.rpm
lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm
lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm
lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
i386
lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm
lzo-2.03-3.1.el6_5.1.i686.rpm
lzo-devel-2.03-3.1.el6_5.1.i686.rpm
lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
srpm
lzo-2.03-3.1.el6_5.1.src.rpm
noarch
lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm
– Scientific Linux Development Team
