Advisories » MGASA-2014-0321

Updated eet packages fix security vulnerability

Publication date: 06 Aug 2014
Modification date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4611

Description

Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might
allow context-dependent attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via a crafted Literal
Run that would be improperly handled by programs not complying with an API
limitation (CVE-2014-4611).

The eet package bundles the LZ4 implementation and has been patched to correct
this flaw.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13786
• http://openwall.com/lists/oss-security/2014/06/26/25
• http://lists.opensuse.org/opensuse-updates/2014-07/msg00025.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4611

SRPMS

3/core

• eet-1.7.5-2.1.mga3

4/core

• eet-1.7.10-1.1.mga4