[ MDVSA-2014:181 ] dump

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:181
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dump
 Date    : September 24, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated dump packages fix security vulnerability:
 
 An integer overflow in liblzo before 2.07 allows attackers to cause
 a denial of service or possibly code execution in applications using
 performing LZO decompression on a compressed payload from the attacker
 (CVE-2014-4607).
 
 The dump package is built with a bundled copy of minilzo, which is
 a part of liblzo containing the vulnerable code.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?nam

007 Software

[ MDVSA-2014:181 ] dump

Leave a Reply Cancel reply

Software and Security Information