Malware Devil

Monday, May 24, 2021

ESB-2021.1791 – [Debian] lz4: Denial of service – Remote/unauthenticated


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1791
lz4 security update
24 May 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           lz4
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3520

Reference:         ESB-2021.1748
                   ESB-2021.1661
                   ESB-2021.1637

Original Bulletin:
http://www.debian.org/security/2021/dsa-4919

--------------------------BEGIN INCLUDED TEXT--------------------


-------------------------------------------------------------------------
Debian Security Advisory DSA-4919-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 21, 2021                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : lz4
CVE ID : CVE-2021-3520
Debian Bug : 987856

Jasper Lievisse Adriaanse reported an integer overflow flaw in lz4, a
fast LZ compression algorithm library, resulting in memory corruption.

For the stable distribution (buster), this problem has been fixed in
version 1.8.3-1+deb10u1.

We recommend that you upgrade your lz4 packages.

For the detailed security status of lz4 please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/lz4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
