FS#40992 - [linux-lts] CVE-2014-4608, CVE-2014-4611, LZO/LZ4 vulnerability
Attached to Project:
Arch Linux
Opened by Daniel Micay (thestinger) - Friday, 27 June 2014, 03:25 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 28 June 2014, 12:55 GMT
Details
CVE-2014-4608 (LZO): http://www.openwall.com/lists/oss-security/2014/06/26/21
CVE-2014-4611 (LZ4): http://www.openwall.com/lists/oss-security/2014/06/26/24

The LZO issue is fixed by 3.15.2 and 3.10.45. The LZ4 issue is fixed by 3.15.2, but I don't see it in the changelog for 3.10.45...

Background: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
Closed by Doug Newgard (Scimmia)
Saturday, 28 June 2014, 12:55 GMT
Reason for closing: Fixed
Additional comments about closing: 3.15.2-1 in testing
Changing the _srcname variable to linux-3.15.2 and commenting out the upstream patch line / source file is enough.