Oval Definition:oval:com.redhat.rhsa:def:20140861
Revision Date:2014-07-09Version:639
Title:RHSA-2014:0861: lzo security update (Moderate)
Description:LZO is a portable lossless data compression library written in ANSI C.

  • An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code. (CVE-2014-4607)

    Red Hat would like to thank Don A. Bailey from Lab Mouse Security for reporting this issue.

    All lzo users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the lzo library must be restarted or the system rebooted.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2014-4607
    CVE-2014-4607
    RHSA-2014:0861
    RHSA-2014:0861-00
    RHSA-2014:0861-02
    Platform(s):Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • lzo is earlier than 0:2.03-3.1.el6_5.1
  • AND lzo is signed with Red Hat redhatrelease2 key
  • lzo-devel is earlier than 0:2.03-3.1.el6_5.1
  • AND lzo-devel is signed with Red Hat redhatrelease2 key
  • lzo-minilzo is earlier than 0:2.03-3.1.el6_5.1
  • AND lzo-minilzo is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • lzo is earlier than 0:2.06-6.el7_0.2
  • AND lzo is signed with Red Hat redhatrelease2 key
  • lzo-devel is earlier than 0:2.06-6.el7_0.2
  • AND lzo-devel is signed with Red Hat redhatrelease2 key
  • lzo-minilzo is earlier than 0:2.06-6.el7_0.2
  • AND lzo-minilzo is signed with Red Hat redhatrelease2 key
    • BACK