===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1637
lz4 security update
13 May 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           lz4
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   Linux variants
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3520
Original Bulletin:
   https://www.debian.org/lts/security/2021/dla-2657
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running lz4 check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2657-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
May 12, 2021                                  https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : lz4
Version : 0.0~r131-2+deb9u1
CVE ID : CVE-2021-3520
Debian Bug : #987856
It was discovered that there was a potential memory corruption
vulnerability in the lz4 compression algorithm library.
For Debian 9 “Stretch”, this problem has been fixed in version
0.0~r131-2+deb9u1.
We recommend that you upgrade your lz4 packages.
For the detailed security status of lz4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lz4
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================