Scientific Linux alert SLSA-2014:0861-2 (lzo)


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Moderate: lzo on SL6.x i386/srpm/x86_64 
Date:
    	       Wed, 9 Jul 2014 18:43:11 +0000
Message-ID:
    	       <20140709184311.22168.31715@slpackages.fnal.gov>
Synopsis:          Moderate: lzo security update
Advisory ID:       SLSA-2014:0861-2
Issue Date:        2014-07-09
CVE Numbers:       CVE-2014-4607
--

An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to
crash or, potentially, execute arbitrary code. (CVE-2014-4607)

For the update to take effect, all services linked to the lzo library must
be restarted or the system rebooted.
--

SL6
  x86_64
    lzo-2.03-3.1.el6_5.1.i686.rpm
    lzo-devel-2.03-3.1.el6_5.1.i686.rpm
    lzo-2.03-3.1.el6_5.1.x86_64.rpm
    lzo-minilzo-2.03-3.1.el6_5.1.x86_64.rpm
    lzo-devel-2.03-3.1.el6_5.1.x86_64.rpm
    lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm
    lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm
    lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
  i386
    lzo-minilzo-2.03-3.1.el6_5.1.i686.rpm
    lzo-2.03-3.1.el6_5.1.i686.rpm
    lzo-devel-2.03-3.1.el6_5.1.i686.rpm
    lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
  srpm
    lzo-2.03-3.1.el6_5.1.src.rpm
  noarch
    lzo-debuginfo-2.03-3.1.el6_5.1.i686.rpm
    lzo-debuginfo-2.03-3.1.el6_5.1.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Moderate: lzo on SL6.x i386/srpm/x86_64
Date:		Wed, 9 Jul 2014 18:43:11 +0000
Message-ID:		<20140709184311.22168.31715@slpackages.fnal.gov>