| Revision Date: | 2014-07-03 | Version: | 1 | | Title: | CVE-2014-4611 on Ubuntu 18.04 LTS (bionic) - medium. | | Description: | Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. Don Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel's implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-4611
| | Platform(s): | Ubuntu 18.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in bionic is not affected (note: '4.13.0-16.19').
OR NOT While related to the CVE in some way, the 'linux-aws' package in bionic is not affected (note: '4.15.0-1001.1').
OR NOT While related to the CVE in some way, the 'linux-azure' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-gcp' package in bionic is not affected (note: '4.15.0-1001.1').
OR NOT While related to the CVE in some way, the 'linux-gcp-edge' package in bionic is not affected (note: '4.18.0-1004.5~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-gke' package in bionic is not affected.
OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected (note: '4.18.0-13.14~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-8.9~18.04.1').
OR NOT While related to the CVE in some way, the 'linux-kvm' package in bionic is not affected (note: '4.15.0-1002.2').
OR NOT While related to the CVE in some way, the 'linux-oem' package in bionic is not affected (note: '4.15.0-1002.3').
OR NOT While related to the CVE in some way, the 'linux-oracle' package in bionic is not affected (note: '4.15.0-1007.9').
OR NOT While related to the CVE in some way, the 'linux-raspi2' package in bionic is not affected (note: '4.13.0-1005.5').
OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in bionic is not affected (note: '4.4.0-1077.82').
OR NOT While related to the CVE in some way, the 'lz4' package in bionic is not affected (note: '0.0~r118-1').
|
|