Updated eet packages fix security vulnerability
Publication date: 06 Aug 2014Modification date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4611
Description
Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation (CVE-2014-4611). The eet package bundles the LZ4 implementation and has been patched to correct this flaw.
References
SRPMS
3/core
- eet-1.7.5-2.1.mga3
4/core
- eet-1.7.10-1.1.mga4