[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
From: |
Vladimir Serbinenko |
Subject: |
[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607) |
Date: |
Fri, 27 Jun 2014 16:48:35 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 |
Follow-up Comment #1, bug #42635 (project grub):
May be a problem when using btrfs with lzo compression. But it's unlikely. If
attacker can write to files used by GRUB, you have a bigger problems.
In cases when signatures used (if disk replacement is a possible attack
scenario), the signatures are checked before the decompression, so not a
problem either.
Nevertheless, I'll correct the mistake, thank you for forwarding this.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42635>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/