| Summary: | <app-arch/lz4-1.9.3-r1: Memory corruption due to an integer overflow (CVE-2021-3520) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Teika kazura <teika> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | amadio, mgorny |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [glsa?] | | |
| Package list: | | Runtime testing required: | --- |

Description
Teika kazura
2021-05-25 11:35:45 UTC
Thanks for the report! Maintainers, please apply the patch if suitable.

https://bugzilla.redhat.com/show_bug.cgi?id=1954559:
"The lz4 binary itself catches the problem when it parses the header, but it seems not all library consumers do and therefore LZ4_decompress_generic() was patched."

ping

The patch is trivial enough, so I'll just push it straight to stable.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3

commit f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2021-06-08 11:34:45 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2021-06-08 11:42:14 +0000

    app-arch/lz4: Backport memory corruption fix (CVE-2021-3520)

    Bug: https://bugs.gentoo.org/791952
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 .../lz4/files/lz4-1.9.3-negative-memmove.patch | 22 ++++++++++++++++++++++
 .../lz4/{lz4-1.9.3.ebuild => lz4-1.9.3-r1.ebuild} | 4 ++++
 2 files changed, 26 insertions(+)

Thank you!

Package list is empty or all packages have requested keywords.

1.9.4 has the fix:

See:
https://github.com/lz4/lz4/blob/v1.9.4/lib/lz4.c#L1950

(In reply to Allen Webb from comment #13)
> 1.9.4 has the fix:
>
> See:
> https://github.com/lz4/lz4/blob/v1.9.4/lib/lz4.c#L1950

We backported it in 1.9.3-r1.