Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0861
HistoryJul 09, 2014 - 12:38 p.m.

lzo security update

2014-07-0912:38:49
CentOS Project
lists.centos.org
51

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.8%

JSON

CentOS Errata and Security Advisory CESA-2014:0861

LZO is a portable lossless data compression library written in ANSI C.

An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)

Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.

All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-July/082563.html
https://lists.centos.org/pipermail/centos-announce/2014-July/082568.html

Affected packages:
lzo
lzo-devel
lzo-minilzo

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0861

Related

openvas 49
fedora 15
nessus 46
f5 2
freebsd 1
ibm 4
prion 1
mageia 14
securityvulns 2
cve 1
cvelist 1
suse 2
oraclelinux 1
gentoo 2
amazon 1
ubuntu 1
ubuntucve 1
osv 3
veracode 1
debian 5
nvd 1
redhat 2
debiancve 1
thn 1
openvas
openvas
Debian: Security Advisory (DLA-35-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for dump (EulerOS-SA-2019-1740)
2020-01-23 00:00:00
Debian: Security Advisory (DSA-2995-1)
2014-08-02 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: grub2-2.00-27.fc19
2014-12-17 04:44:56
[SECURITY] Fedora 19 Update: krfb-4.11.5-3.fc19
2014-08-16 00:28:57
[SECURITY] Fedora 20 Update: icecream-1.0.1-8.20140822git.fc20
2014-11-19 15:57:32
nessus
nessus
Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:168)
2014-09-12 00:00:00
EulerOS 2.0 SP5 : dump (EulerOS-SA-2019-2139)
2019-11-12 00:00:00
F5 Networks BIG-IP : LZO vulnerability (K95698826)
2016-02-04 00:00:00
f5
f5
SOL95698826 - LZO vulnerability CVE-2014-4607
2016-02-03 00:00:00
K95698826 : LZO vulnerability CVE-2014-4607
2016-02-04 00:00:00
freebsd
freebsd
krfb -- Possible Denial of Service or code execution via integer overflow
2014-08-03 00:00:00
ibm
ibm
Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)
2018-06-15 07:06:27
Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 )
2018-06-16 21:46:13
Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.
2021-12-15 07:41:22
prion
prion
Integer overflow
2020-02-12 14:15:00
mageia
mageia
Updated dump package fix CVE-2014-4607
2014-09-15 14:36:30
Updated libvncserver and remmina packages fix security vulnerability
2014-08-27 03:04:56
Updated kdenetwork4 packages fixes security vulnerability in krfb
2014-08-27 12:21:43
securityvulns
securityvulns
[ MDVSA-2014:134 ] liblzo
2014-07-22 00:00:00
liblzo integer overflow
2014-07-22 00:00:00
cve
cve
CVE-2014-4607
2020-02-12 14:15:10
cvelist
cvelist
CVE-2014-4607
2020-02-12 13:49:35
suse
suse
Security update for lzo (important)
2014-07-31 19:04:17
Security update for lzo (important)
2014-07-16 19:04:17
oraclelinux
oraclelinux
lzo security update
2014-07-09 00:00:00
gentoo
gentoo
LZO: Multiple vulnerabilities
2017-01-02 00:00:00
BusyBox: Multiple vulnerabilities
2015-03-29 00:00:00
amazon
amazon
Medium: lzo
2014-07-09 16:45:00
ubuntu
ubuntu
LZO vulnerability
2014-07-24 00:00:00
ubuntucve
ubuntucve
CVE-2014-4607
2014-07-09 00:00:00
osv
osv
lzo2 - security update
2014-08-03 00:00:00
icecream-1.3.1-3.7 on GA media
2024-06-15 00:00:00
nfdump-1.6.23-1.3 on GA media
2024-06-15 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-12-11 09:20:29
debian
debian
[SECURITY] [DSA 2995-1] lzo2 security update
2014-08-03 07:37:56
[SECURITY] [DSA 2995-1] lzo2 security update
2014-08-03 07:37:56
[DLA 35-1] lzo2 security update
2014-08-11 16:38:42
nvd
nvd
CVE-2014-4607
2020-02-12 14:15:10
redhat
redhat
(RHSA-2014:0861) Moderate: lzo security update
2014-07-09 00:00:00
(RHSA-2014:0979) Moderate: rhev-hypervisor6 security and bug fix update
2014-07-29 00:00:00
debiancve
debiancve
CVE-2014-4607
2020-02-12 14:15:10
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.8%

JSON
Related for CESA-2014:0861
openvas49fedora15nessus46f52freebsd1ibm4prion1mageia14securityvulns2cve1cvelist1suse2oraclelinux1gentoo2amazon1ubuntu1ubuntucve1osv3veracode1debian5nvd1redhat2debiancve1thn1