Advisories ยป MGASA-2014-0321

Updated eet packages fix security vulnerability

Publication date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4611

Description

Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might
allow context-dependent attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via a crafted Literal
Run that would be improperly handled by programs not complying with an API
limitation (CVE-2014-4611).

The eet package bundles the LZ4 implementation and has been patched to correct
this flaw.
                

References

SRPMS

4/core

3/core