Advisories » MGASA-2021-0322

Updated zstd packages fix a security vulnerability

Publication date: 09 Jul 2021
Modification date: 08 Jul 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2021-24031

Description

In the Zstandard command-line utility prior to v1.4.1, output files were
created with default permissions. Correct file permissions (matching the input)
would only be set at completion time. Output files could therefore be readable
or writable to unintended parties (CVE-2021-24031).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28444
• https://ubuntu.com/security/notices/USN-4760-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031

SRPMS

7/core

• zstd-1.4.0-1.1.mga7