bug-grub
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)

From: Kristian Fiskerstrand
Subject: [bug #42635] minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Date: Fri, 27 Jun 2014 16:06:25 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 
URL:
  <http://savannah.gnu.org/bugs/?42635>

                 Summary: minilzo: Embedded LZO vulnerability (CVE-2014-4607)
                 Project: GNU GRUB
            Submitted by: kristianf
            Submitted on: Fri 27 Jun 2014 04:06:24 PM GMT
                Category: Security
                Severity: Major
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: Git master
         Reproducibility: None
         Planned Release: None

    _______________________________________________________

Details:

Hi, 

A security issue was raised[0] regarding implementation of LZO which is fixed
in Oberhumer's LZO version 2.07 and allocated CVE-2014-4607. Further it is
suggested that grub might be affected to this vulnerability by embedding a
version of the affected code (minilzo)[1]. It would be appreciated to get a
comment on the applicability and a possible fix for this issue. 

References: 
[0] http://seclists.org/oss-sec/2014/q2/665
[1] http://seclists.org/oss-sec/2014/q2/676




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?42635>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]