Alerts This Week
Warning Icon 1 474
Alerts This Week
Warning Icon 1 474

openSUSE: 2019:1952-1 Moderate: zstd Buffer Overflow Issue

opensuse
Calendar Grey August 19, 2019
Dist Opensuse Esm H88
Explore the recent Fedora Security Patch tackling severe zlib vulnerabilities for improved security.
An update that solves one vulnerability and has two fixes is now available.

Description

This update for zstd fixes the following issues:

- Update to version 1.4.2:

* bug: Fix bug in zstd-0.5 decoder by @terrelln (#1696)

* bug: Fix seekable decompression in-memory API by @iburinoc (#1695)

* bug: Close minor memory leak in CLI by @LeeYoung624 (#1701)

* misc: Validate blocks are smaller than size limit by @vivekmig (#1685)

* misc: Restructure source files by @ephiepark (#1679)

- Update to version 1.4.1:

* bug: Fix data corruption in niche use cases by @terrelln (#1659)

* bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594,

#1595)

* bug: Fix out of bounds read by @terrelln (#1590)

* perf: Improve decode speed by ~7% @mgrice (#1668)

* perf: Slightly improved compression ratio of level 3 and 4

(ZSTD_dfast) by @cyan4973 (#1681)

* perf: Slightly faster compression speed when re-using a context by

@cyan4973 (#1658)

* perf: Improve compression ratio for small windowLog by...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate buffer overflow openSUSE zstd

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1952=1

Package List

- openSUSE Leap 15.0 (x86_64):

libzstd-devel-1.4.2-lp150.2.3.1

libzstd-devel-static-1.4.2-lp150.2.3.1

libzstd1-1.4.2-lp150.2.3.1

libzstd1-debuginfo-1.4.2-lp150.2.3.1

zstd-1.4.2-lp150.2.3.1

zstd-debuginfo-1.4.2-lp150.2.3.1

zstd-debugsource-1.4.2-lp150.2.3.1

References

https://www.suse.com/security/cve/CVE-2019-11922.html

https://bugzilla.suse.com/1082318

https://bugzilla.suse.com/1133297

https://bugzilla.suse.com/1142941

--

Announcement ID: openSUSE-SU-2019:1952-1
Rating: moderate
Affected Products: openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory moderate buffer overflow openSUSE zstd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here