SB2014072507 - Integer overflow in lzo (Alpine package)
Published: July 25, 2014
Security Bulletin ID
SB2014072507
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2014-4607)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=690b96bdd517d47619e87520408057e6a95e7396
- https://git.alpinelinux.org/aports/commit/?id=69886f376175054667fb2fbc137fadaef73693db
- https://git.alpinelinux.org/aports/commit/?id=99dc84ddd0ef087f16c1bc15051a161dd03e7f4a
- https://git.alpinelinux.org/aports/commit/?id=210db65047405fd71163ade38d7bbada529ae9de
- https://git.alpinelinux.org/aports/commit/?id=da8a329065ed375f00dc66c69cb121a99f2f3387