[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

bug-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

From:	Vladimir Serbinenko
Subject:	[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Date:	Fri, 27 Jun 2014 16:48:35 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Follow-up Comment #1, bug #42635 (project grub):

May be a problem when using btrfs with lzo compression. But it's unlikely. If
attacker can write to files used by GRUB, you have a bigger problems.
In cases when signatures used (if disk replacement is a possible attack
scenario), the signatures are checked before the decompression, so not a
problem either.
Nevertheless, I'll correct the mistake, thank you for forwarding this.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?42635>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607), Kristian Fiskerstrand, 2014/06/27
- [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607), Vladimir Serbinenko <=

Prev by Date: [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Next by Date: [bug #42632] ZFS pool not detected when multiple pools exist
Previous by thread: [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Index(es):
- Date
- Thread