[Secure-testing-team] Bug#768945: busybox lzo implementation suffers from CVE-2014-4607 flaw

Michael Tokarev mjt at tls.msk.ru
Mon Nov 10 09:57:59 UTC 2014


Source: busybox
Version: 1:1.22.0-5
Severity: serious
Tags: security patch upstream fixed-upstream

Busybox embeds a mini-lzo library implementation which suffers
from CVE-2014-4607 -- integer overflow with memory corruption
potential and a risk of (remote) code execution, see
http://www.openwall.com/lists/oss-security/2014/06/26/20 for
details.

This flaw has been fixed in busybox upstream in commit
a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3.

/mjt


